Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Urunla 0010_Fiyat Talap Teklif ID56313.exe

Overview

General Information

Sample name:Urunla 0010_Fiyat Talap Teklif ID56313.exe
Analysis ID:1520414
MD5:6d0b36d8196d5204908ac46df6b26dd6
SHA1:a8e77c1ffb0dcd5df4be1c4f5c712d601b68b92e
SHA256:c05124a691aadde7935955fc41a1539398fe2007927ef19e27d8764cbafe266d
Tags:exegeoTURuser-abuse_ch
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected Telegram RAT
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to register a low level keyboard hook
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • kmk.exe (PID: 5268 cmdline: "C:\Users\user\AppData\Roaming\kmk\kmk.exe" MD5: 6D0B36D8196D5204908AC46DF6B26DD6)
    • kmk.exe (PID: 1784 cmdline: "{path}" MD5: 6D0B36D8196D5204908AC46DF6B26DD6)
  • kmk.exe (PID: 5296 cmdline: "C:\Users\user\AppData\Roaming\kmk\kmk.exe" MD5: 6D0B36D8196D5204908AC46DF6B26DD6)
    • kmk.exe (PID: 5252 cmdline: "{path}" MD5: 6D0B36D8196D5204908AC46DF6B26DD6)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/sendMessage"}

Threatname: Agenttesla

{"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/sendDocumentsendMessage?chat_id=document"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.4507142891.0000000000432000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_AgentTesla_d3ac2b2funknownunknown
  • 0x745:$a3: MailAccountConfiguration
  • 0x75e:$a5: SmtpAccountConfiguration
  • 0x725:$a8: set_BindingAccountConfiguration
  • 0xe88:$a13: get_DnsResolver
  • 0x85f:$a19: get_disabledByRestriction
  • 0x4:$a23: get_enableLog
  • 0x66b:$a32: set_version
  • 0x9f2:$a35: get_ShiftKeyDown
  • 0xa03:$a36: get_AltKeyDown
  • 0x55:$a38: get_PasswordHash
00000006.00000002.4507138175.0000000000431000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_AgentTesla_d3ac2b2funknownunknown
  • 0x696:$a11: get_securityProfile
  • 0x537:$a12: get_useSeparateFolderTree
  • 0x946:$a14: get_archivingScope
  • 0x76e:$a15: get_providerName
  • 0x2fd:$a20: get_LastAccessed
  • 0x9e0:$a21: get_avatarType
  • 0x7eb:$a26: set_accountName
  • 0x846:$a31: set_username
  • 0x3e8:$a33: get_Clipboard
  • 0x3f6:$a34: get_Keyboard
  • 0x403:$a37: get_Password
00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
    00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_AgentTesla_d3ac2b2funknownunknown
      • 0x14ecf5:$a3: MailAccountConfiguration
      • 0x184315:$a3: MailAccountConfiguration
      • 0x14ed0e:$a5: SmtpAccountConfiguration
      • 0x18432e:$a5: SmtpAccountConfiguration
      • 0x14ecd5:$a8: set_BindingAccountConfiguration
      • 0x1842f5:$a8: set_BindingAccountConfiguration
      • 0x14dc46:$a11: get_securityProfile
      • 0x183266:$a11: get_securityProfile
      • 0x14dae7:$a12: get_useSeparateFolderTree
      • 0x183107:$a12: get_useSeparateFolderTree
      • 0x14f438:$a13: get_DnsResolver
      • 0x184a58:$a13: get_DnsResolver
      • 0x14def6:$a14: get_archivingScope
      • 0x183516:$a14: get_archivingScope
      • 0x14dd1e:$a15: get_providerName
      • 0x18333e:$a15: get_providerName
      • 0x150423:$a17: get_priority
      • 0x185a43:$a17: get_priority
      • 0x14f9f7:$a18: get_advancedParameters
      • 0x185017:$a18: get_advancedParameters
      • 0x14ee0f:$a19: get_disabledByRestriction
      Click to see the 31 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.400000.0.unpackWindows_Trojan_AgentTesla_d3ac2b2funknownunknown
      • 0x32073:$a17: get_priority
      • 0x31647:$a18: get_advancedParameters
      • 0x3175e:$a22: get_signaturePresets
      • 0x31ba9:$a27: set_InternalServerPort
      • 0x2ee94:$a28: set_bindingConfigurationUID
      • 0x31724:$a29: set_IdnAddress
      • 0x31f27:$a30: set_GuidMasterKey
      • 0x314bf:$a39: get_DefaultCredentials
      0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
        0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpackWindows_Trojan_AgentTesla_d3ac2b2funknownunknown
          • 0x2eb45:$a3: MailAccountConfiguration
          • 0x2eb5e:$a5: SmtpAccountConfiguration
          • 0x2eb25:$a8: set_BindingAccountConfiguration
          • 0x2da96:$a11: get_securityProfile
          • 0x2d937:$a12: get_useSeparateFolderTree
          • 0x2f288:$a13: get_DnsResolver
          • 0x2dd46:$a14: get_archivingScope
          • 0x2db6e:$a15: get_providerName
          • 0x30273:$a17: get_priority
          • 0x2f847:$a18: get_advancedParameters
          • 0x2ec5f:$a19: get_disabledByRestriction
          • 0x2d6fd:$a20: get_LastAccessed
          • 0x2dde0:$a21: get_avatarType
          • 0x2f95e:$a22: get_signaturePresets
          • 0x2e404:$a23: get_enableLog
          • 0x2dbeb:$a26: set_accountName
          • 0x2fda9:$a27: set_InternalServerPort
          • 0x2d094:$a28: set_bindingConfigurationUID
          • 0x2f924:$a29: set_IdnAddress
          • 0x30127:$a30: set_GuidMasterKey
          • 0x2dc46:$a31: set_username
          0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpackMALWARE_Win_AgentTeslaV3AgentTeslaV3 infostealer payloadditekSHen
          • 0x2e600:$s1: get_kbok
          • 0x2ef34:$s2: get_CHoo
          • 0x2fb8f:$s3: set_passwordIsSet
          • 0x2e404:$s4: get_enableLog
          • 0x32b27:$s8: torbrowser
          • 0x3150a:$s10: logins
          • 0x30dd8:$s11: credential
          • 0x2d7e8:$g1: get_Clipboard
          • 0x2d7f6:$g2: get_Keyboard
          • 0x2d803:$g3: get_Password
          • 0x2ede2:$g4: get_CtrlKeyDown
          • 0x2edf2:$g5: get_ShiftKeyDown
          • 0x2ee03:$g6: get_AltKeyDown
          Click to see the 30 entries

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: CurrentVersion Autorun Keys Modification
          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\kmk\kmk.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe, ProcessId: 5780, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmk

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeAvira: detected
          Antivirus detection for dropped file
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeAvira: detection malicious, Label: HEUR/AGEN.1323682
          Found malware configuration
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/sendDocumentsendMessage?chat_id=document"}
          Source: kmk.exe.5296.7.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/sendMessage"}
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeReversingLabs: Detection: 65%
          Multi AV Scanner detection for submitted file
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeReversingLabs: Detection: 65%
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeJoe Sandbox ML: detected
          Machine Learning detection for sample
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeJoe Sandbox ML: detected
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Networking

          barindex
          Yara detected Generic Downloader
          Source: Yara matchFile source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.39ddf00.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.393ba80.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.37cdf00.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.3873c20.1.raw.unpack, type: UNPACKEDPE
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000008.00000002.4515896776.0000000002D55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
          Source: kmk.exe, 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://DynDns.comDynDNS
          Source: kmk.exe, 00000008.00000002.4515896776.0000000002D51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://UZQtUP.com
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000006.00000002.4507138175.0000000000434000.00000040.00000400.00020000.00000000.sdmp, kmk.exe, 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/sendDocumentdocument-----
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000003.00000002.4507133105.0000000000436000.00000040.00000400.00020000.00000000.sdmp, kmk.exe, 00000005.00000002.2343737352.0000000004385000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
          Source: kmk.exe, 00000008.00000002.4515896776.0000000002D55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

          Key, Mouse, Clipboard, Microphone and Screen Capturing

          barindex
          Contains functionality to register a low level keyboard hook
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_01506890 SetWindowsHookExW 0000000D,00000000,?,?3_2_01506890
          Installs a global keyboard hook
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\kmk\kmk.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\kmk\kmk.exeJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 3.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: 7.2.kmk.exe.39ddf00.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 7.2.kmk.exe.39ddf00.2.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: 7.2.kmk.exe.39ddf00.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 7.2.kmk.exe.39ddf00.2.raw.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: 7.2.kmk.exe.393ba80.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 7.2.kmk.exe.393ba80.3.raw.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.37cdf00.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.37cdf00.2.raw.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: 7.2.kmk.exe.3873c20.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 7.2.kmk.exe.3873c20.1.raw.unpack, type: UNPACKEDPEMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: 5.2.kmk.exe.3136af4.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
          Source: 00000008.00000002.4507142891.0000000000432000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 00000006.00000002.4507138175.0000000000431000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 4424, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 5780, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 5780, type: MEMORYSTRMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: Process Memory Space: kmk.exe PID: 1784, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: Process Memory Space: kmk.exe PID: 1784, type: MEMORYSTRMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
          Source: Process Memory Space: kmk.exe PID: 5296, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: Process Memory Space: kmk.exe PID: 5252, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_00CFD3B40_2_00CFD3B4
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F8C320_2_0C7F8C32
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F29480_2_0C7F2948
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F37500_2_0C7F3750
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F7D710_2_0C7F7D71
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F8D710_2_0C7F8D71
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F7D800_2_0C7F7D80
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F2E500_2_0C7F2E50
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F2E340_2_0C7F2E34
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F5FD00_2_0C7F5FD0
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F5FC10_2_0C7F5FC1
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F29380_2_0C7F2938
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F34580_2_0C7F3458
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F65FB0_2_0C7F65FB
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F65F90_2_0C7F65F9
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F66080_2_0C7F6608
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F37400_2_0C7F3740
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F00400_2_0C7F0040
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F00070_2_0C7F0007
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F81A60_2_0C7F81A6
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_014A70C83_2_014A70C8
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_014AE7203_2_014AE720
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_014AB6983_2_014AB698
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_014A51483_2_014A5148
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_014A95803_2_014A9580
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_014AA4A83_2_014AA4A8
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_014A1BB83_2_014A1BB8
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_015095783_2_01509578
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_015019B03_2_015019B0
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_01504E983_2_01504E98
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_015000403_2_01500040
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_015070C03_2_015070C0
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_01502DA03_2_01502DA0
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_01626A7F3_2_01626A7F
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_01625D483_2_01625D48
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0162BA373_2_0162BA37
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_01625D393_2_01625D39
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_06483E903_2_06483E90
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0648BC603_2_0648BC60
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_064814B03_2_064814B0
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0648E5383_2_0648E538
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0648F2983_2_0648F298
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_06484AA83_2_06484AA8
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_064852003_2_06485200
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_064841D83_2_064841D8
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_014AB6973_2_014AB697
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_02F3D3B45_2_02F3D3B4
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE48C325_2_0CE48C32
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE429485_2_0CE42948
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE437505_2_0CE43750
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE463085_2_0CE46308
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE47D805_2_0CE47D80
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE48D715_2_0CE48D71
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE47D7F5_2_0CE47D7F
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE42E4F5_2_0CE42E4F
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE42E505_2_0CE42E50
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE45FCF5_2_0CE45FCF
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE45FD05_2_0CE45FD0
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE429475_2_0CE42947
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE466025_2_0CE46602
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE466085_2_0CE46608
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE4374F5_2_0CE4374F
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE400405_2_0CE40040
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE4003F5_2_0CE4003F
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE481A65_2_0CE481A6
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE463075_2_0CE46307
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_017747D46_2_017747D4
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_01775D486_2_01775D48
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_01776A306_2_01776A30
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_01775C606_2_01775C60
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018874C86_2_018874C8
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_0188B7646_2_0188B764
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018851886_2_01885188
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018835856_2_01883585
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018837ED6_2_018837ED
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018837556_2_01883755
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018896486_2_01889648
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_0188365D6_2_0188365D
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018839ED6_2_018839ED
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018839716_2_01883971
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018838856_2_01883885
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018818786_2_01881878
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_01884D836_2_01884D83
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018B19B06_2_018B19B0
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018B4E986_2_018B4E98
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018B11576_2_018B1157
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018B2E446_2_018B2E44
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0256D3B47_2_0256D3B4
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_04D16D987_2_04D16D98
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_04D11C007_2_04D11C00
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_04D100407_2_04D10040
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_04D100077_2_04D10007
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_04D16D887_2_04D16D88
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_04D11BF27_2_04D11BF2
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B386B87_2_06B386B8
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B376C07_2_06B376C0
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B38E407_2_06B38E40
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B337487_2_06B33748
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B39C407_2_06B39C40
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B3AB387_2_06B3AB38
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B3CE807_2_06B3CE80
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B38E327_2_06B38E32
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B3863E7_2_06B3863E
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B386727_2_06B38672
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B39C307_2_06B39C30
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B3CC487_2_06B3CC48
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B3C5A07_2_06B3C5A0
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B392A07_2_06B392A0
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B392927_2_06B39292
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B3D2D87_2_06B3D2D8
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B39B907_2_06B39B90
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B37B107_2_06B37B10
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B37B007_2_06B37B00
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B3D0F87_2_06B3D0F8
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B300067_2_06B30006
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_06B300407_2_06B30040
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C398C327_2_0C398C32
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C3937507_2_0C393750
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C3929487_2_0C392948
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C393C007_2_0C393C00
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C397D717_2_0C397D71
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C398D717_2_0C398D71
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C397D807_2_0C397D80
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C392E347_2_0C392E34
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C3966087_2_0C396608
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C3966027_2_0C396602
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C392E507_2_0C392E50
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C3937407_2_0C393740
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C395FD07_2_0C395FD0
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C395FC17_2_0C395FC1
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C3900077_2_0C390007
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C3900407_2_0C390040
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C3929387_2_0C392938
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C3981A67_2_0C3981A6
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00E547D48_2_00E547D4
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00E55D488_2_00E55D48
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00E56A308_2_00E56A30
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00E55C608_2_00E55C60
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00EF74C88_2_00EF74C8
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00EFB7648_2_00EFB764
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00EFE7388_2_00EFE738
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00EF96488_2_00EF9648
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00EF2C688_2_00EF2C68
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00F295788_2_00F29578
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00F219B08_2_00F219B0
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00F24E988_2_00F24E98
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00F22DA08_2_00F22DA0
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2059875133.0000000006BE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMajorRevision.exe< vs Urunla 0010_Fiyat Talap Teklif ID56313.exe
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000000.2025602650.0000000000292000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameEuuAGSl.exe. vs Urunla 0010_Fiyat Talap Teklif ID56313.exe
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2056464575.0000000002938000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMajorRevision.exe< vs Urunla 0010_Fiyat Talap Teklif ID56313.exe
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2055440511.000000000073E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Urunla 0010_Fiyat Talap Teklif ID56313.exe
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMajorRevision.exe< vs Urunla 0010_Fiyat Talap Teklif ID56313.exe
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameJxIIaRUTvaLxexPWTLbbe.exe4 vs Urunla 0010_Fiyat Talap Teklif ID56313.exe
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2056464575.00000000026E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameJxIIaRUTvaLxexPWTLbbe.exe4 vs Urunla 0010_Fiyat Talap Teklif ID56313.exe
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000003.00000002.4507935855.0000000001137000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Urunla 0010_Fiyat Talap Teklif ID56313.exe
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeBinary or memory string: OriginalFilenameEuuAGSl.exe. vs Urunla 0010_Fiyat Talap Teklif ID56313.exe
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 3.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: 7.2.kmk.exe.39ddf00.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 7.2.kmk.exe.39ddf00.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: 7.2.kmk.exe.39ddf00.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 7.2.kmk.exe.39ddf00.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: 7.2.kmk.exe.393ba80.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 7.2.kmk.exe.393ba80.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.37cdf00.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.37cdf00.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: 7.2.kmk.exe.3873c20.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 7.2.kmk.exe.3873c20.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: 5.2.kmk.exe.3136af4.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
          Source: 00000008.00000002.4507142891.0000000000432000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 00000006.00000002.4507138175.0000000000431000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 4424, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 5780, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 5780, type: MEMORYSTRMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: Process Memory Space: kmk.exe PID: 1784, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: Process Memory Space: kmk.exe PID: 1784, type: MEMORYSTRMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
          Source: Process Memory Space: kmk.exe PID: 5296, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: Process Memory Space: kmk.exe PID: 5252, type: MEMORYSTRMatched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: kmk.exe.3.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'CreateDecryptor', 'TransformBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.csCryptographic APIs: 'TransformFinalBlock'
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/4@0/0
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Urunla 0010_Fiyat Talap Teklif ID56313.exe.logJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMutant created: NULL
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMutant created: \Sessions\1\BaseNamedObjects\PLxhQIxwnCWZmNEmCJHdtxwX
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000003.00000002.4514332957.0000000003092000.00000004.00000800.00020000.00000000.sdmp, Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000003.00000002.4514332957.00000000030C5000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000006.00000002.4515867343.00000000033AF000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000006.00000002.4515867343.00000000033E2000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000008.00000002.4515896776.0000000002E4F000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000008.00000002.4515896776.0000000002E82000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeReversingLabs: Detection: 65%
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeFile read: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe "C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe"
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess created: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe "{path}"
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\kmk\kmk.exe "C:\Users\user\AppData\Roaming\kmk\kmk.exe"
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess created: C:\Users\user\AppData\Roaming\kmk\kmk.exe "{path}"
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\kmk\kmk.exe "C:\Users\user\AppData\Roaming\kmk\kmk.exe"
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess created: C:\Users\user\AppData\Roaming\kmk\kmk.exe "{path}"
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess created: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe "{path}"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess created: C:\Users\user\AppData\Roaming\kmk\kmk.exe "{path}"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess created: C:\Users\user\AppData\Roaming\kmk\kmk.exe "{path}"Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: vaultcli.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: vaultcli.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: vaultcli.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, --.cs.Net Code: _0003 System.AppDomain.Load(byte[])
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.2706bd4.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, B.cs.Net Code: A System.Reflection.Assembly.Load(byte[])
          Source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.4d50000.3.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: kmk.exe.3.dr, --.cs.Net Code: _0003 System.AppDomain.Load(byte[])
          Source: 5.2.kmk.exe.3136af4.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: 7.2.kmk.exe.39ddf00.2.raw.unpack, B.cs.Net Code: A System.Reflection.Assembly.Load(byte[])
          Source: 7.2.kmk.exe.2716714.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 0_2_0C7F5A4D push eax; ret 0_2_0C7F5A52
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_014A3F8F push edi; retn 0000h3_2_014A3F91
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0150E808 pushfd ; ret 3_2_0150E809
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0162C762 push eax; ret 3_2_0162C7CA
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0162C7E0 push eax; ret 3_2_0162C7EA
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0162C7C0 push eax; ret 3_2_0162C7CA
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0162C7D0 push eax; ret 3_2_0162C7DA
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0162C780 push eax; ret 3_2_0162C7BA
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0162C780 push eax; ret 3_2_0162C7EA
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_06486638 pushfd ; ret 3_2_06486641
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0648D55A push ss; iretd 3_2_0648D55D
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0648D006 push es; ret 3_2_0648D010
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_0648D012 push ebx; ret 3_2_0648D015
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 5_2_0CE45A4D push eax; ret 5_2_0CE45A52
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_0177C7E0 push eax; ret 6_2_0177C7EA
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_0177C7D0 push eax; ret 6_2_0177C7DA
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_0177C7C0 push eax; ret 6_2_0177C7CA
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_0177C780 push eax; ret 6_2_0177C7BA
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_01884057 push edi; retn 0000h6_2_01884059
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018B0312 push 8BFFFFFFh; retf 6_2_018B0318
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 6_2_018BE808 pushfd ; ret 6_2_018BE809
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_04D1F66D push esp; ret 7_2_04D1F679
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 7_2_0C395A4D push eax; ret 7_2_0C395A52
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00E5C7E0 push eax; ret 8_2_00E5C7EA
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00E5C7C0 push eax; ret 8_2_00E5C7CA
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00E5C7D0 push eax; ret 8_2_00E5C7DA
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00EF4057 push edi; retn 0000h8_2_00EF4059
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00F2030C push 8BFFFFFFh; retf 8_2_00F20318
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeCode function: 8_2_00F2E808 pushfd ; ret 8_2_00F2E809
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exeStatic PE information: section name: .text entropy: 7.818567192417198
          Source: kmk.exe.3.drStatic PE information: section name: .text entropy: 7.818567192417198
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeFile created: C:\Users\user\AppData\Roaming\kmk\kmk.exeJump to dropped file
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run kmkJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run kmkJump to behavior

          Hooking and other Techniques for Hiding and Protection

          barindex
          Hides that the sample has been downloaded from the Internet (zone.identifier)
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeFile opened: C:\Users\user\AppData\Roaming\kmk\kmk.exe:Zone.Identifier read attributes | deleteJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 4424, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 5268, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 5296, type: MEMORYSTR
          Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2056464575.00000000028EE000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000005.00000002.2340294761.0000000003111000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2056464575.00000000028EE000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000005.00000002.2340294761.0000000003111000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: CA0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 26E0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 25E0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 7410000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 6C60000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 8410000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 9410000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 97A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: A7A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: B7A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 15E0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 2F90000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: 4F90000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 2EF0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 3110000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 5110000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 78E0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 88E0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 8A70000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 9A70000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 9DD0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: ADD0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: BDD0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 1750000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 32B0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 52B0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 2510000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 26F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 46F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 6FF0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 6D10000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 7FF0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 8FF0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 9320000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: A320000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: B320000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: E50000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 2D50000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory allocated: 1160000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeWindow / User API: threadDelayed 7296Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeWindow / User API: threadDelayed 2544Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWindow / User API: threadDelayed 6178Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWindow / User API: threadDelayed 3629Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWindow / User API: threadDelayed 6686Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWindow / User API: threadDelayed 3148Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe TID: 4436Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe TID: 5540Thread sleep count: 33 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe TID: 5540Thread sleep time: -30437127721620741s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe TID: 5960Thread sleep count: 7296 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe TID: 5960Thread sleep count: 2544 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exe TID: 6496Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exe TID: 4676Thread sleep count: 36 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exe TID: 4676Thread sleep time: -33204139332677172s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exe TID: 6128Thread sleep count: 6178 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exe TID: 6128Thread sleep count: 3629 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exe TID: 5948Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exe TID: 3128Thread sleep time: -26747778906878833s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exe TID: 4352Thread sleep count: 6686 > 30Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exe TID: 4352Thread sleep count: 3148 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
          Source: kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
          Source: kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
          Source: kmk.exe, 00000007.00000002.2425098716.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeCode function: 3_2_015092E8 LdrInitializeThunk,3_2_015092E8
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeMemory written: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory written: C:\Users\user\AppData\Roaming\kmk\kmk.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeMemory written: C:\Users\user\AppData\Roaming\kmk\kmk.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeProcess created: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe "{path}"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess created: C:\Users\user\AppData\Roaming\kmk\kmk.exe "{path}"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeProcess created: C:\Users\user\AppData\Roaming\kmk\kmk.exe "{path}"Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Users\user\AppData\Roaming\kmk\kmk.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Users\user\AppData\Roaming\kmk\kmk.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Users\user\AppData\Roaming\kmk\kmk.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Users\user\AppData\Roaming\kmk\kmk.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected AgentTesla
          Source: Yara matchFile source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.39ddf00.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.39ddf00.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.393ba80.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.37cdf00.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.3873c20.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 4424, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 5780, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 1784, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 5296, type: MEMORYSTR
          Yara detected Telegram RAT
          Source: Yara matchFile source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 4424, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 5780, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 1784, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 5296, type: MEMORYSTR
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
          Source: C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
          Source: C:\Users\user\AppData\Roaming\kmk\kmk.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
          Source: Yara matchFile source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 5780, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 1784, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected AgentTesla
          Source: Yara matchFile source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.39ddf00.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.38eb3b0.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.39ddf00.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.393ba80.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.Urunla 0010_Fiyat Talap Teklif ID56313.exe.37cdf00.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.kmk.exe.3873c20.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 4424, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 5780, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 1784, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 5296, type: MEMORYSTR
          Yara detected Telegram RAT
          Source: Yara matchFile source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 4424, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Urunla 0010_Fiyat Talap Teklif ID56313.exe PID: 5780, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 1784, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: kmk.exe PID: 5296, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
          Windows Management Instrumentation          		1
          Registry Run Keys / Startup Folder          		111
          Process Injection          		1
          Masquerading          		1
          OS Credential Dumping          		311
          Security Software Discovery          		Remote Services1
          Email Collection          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/Job1
          DLL Side-Loading          		1
          Registry Run Keys / Startup Folder          		1
          Disable or Modify Tools          		21
          Input Capture          		1
          Process Discovery          		Remote Desktop Protocol21
          Input Capture          		Junk DataExfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
          DLL Side-Loading          		141
          Virtualization/Sandbox Evasion          		Security Account Manager141
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares11
          Archive Collected Data          		SteganographyAutomated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object Model1
          Data from Local System          		Protocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          File and Directory Discovery          		SSH1
          Clipboard Data          		Fallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          Hidden Files and Directories          		Cached Domain Credentials24
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
          Obfuscated Files or Information          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
          Software Packing          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
          DLL Side-Loading          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 1520414 Sample: Urunla 0010_Fiyat Talap Tek... Startdate: 27/09/2024 Architecture: WINDOWS Score: 100 28 Found malware configuration 2->28 30 Malicious sample detected (through community Yara rule) 2->30 32 Antivirus / Scanner detection for submitted sample 2->32 34 10 other signatures 2->34 6 Urunla 0010_Fiyat Talap Teklif ID56313.exe 3 2->6         started        10 kmk.exe 3 2->10         started        12 kmk.exe 2 2->12         started        process3 file4 22 Urunla 0010_Fiyat ...lif ID56313.exe.log, ASCII 6->22 dropped 36 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 6->36 38 Injects a PE file into a foreign processes 6->38 14 Urunla 0010_Fiyat Talap Teklif ID56313.exe 1 5 6->14         started        40 Antivirus detection for dropped file 10->40 42 Multi AV Scanner detection for dropped file 10->42 44 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 10->44 46 Machine Learning detection for dropped file 10->46 18 kmk.exe 2 10->18         started        20 kmk.exe 2 12->20         started        signatures5 process6 file7 24 C:\Users\user\AppData\Roaming\kmk\kmk.exe, PE32 14->24 dropped 26 C:\Users\user\...\kmk.exe:Zone.Identifier, ASCII 14->26 dropped 48 Tries to steal Mail credentials (via file / registry access) 14->48 50 Hides that the sample has been downloaded from the Internet (zone.identifier) 14->50 52 Installs a global keyboard hook 14->52 54 Tries to harvest and steal browser information (history, passwords, etc) 20->54 signatures8

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Urunla 0010_Fiyat Talap Teklif ID56313.exe66%ReversingLabsByteCode-MSIL.Trojan.Strictor
          Urunla 0010_Fiyat Talap Teklif ID56313.exe100%AviraHEUR/AGEN.1323682
          Urunla 0010_Fiyat Talap Teklif ID56313.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Roaming\kmk\kmk.exe100%AviraHEUR/AGEN.1323682
          C:\Users\user\AppData\Roaming\kmk\kmk.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Roaming\kmk\kmk.exe66%ReversingLabsByteCode-MSIL.Trojan.Strictor

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          No Antivirus matches

          Domains and IPs

          Contacted Domains

          No contacted domains info

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://127.0.0.1:HTTP/1.1Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000008.00000002.4515896776.0000000002D55000.00000004.00000800.00020000.00000000.sdmpfalse
            		unknown
            http://DynDns.comDynDNSkmk.exe, 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
              		unknown
              https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%hakmk.exe, 00000008.00000002.4515896776.0000000002D55000.00000004.00000800.00020000.00000000.sdmpfalse
                		unknown
                https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/sendDocumentdocument-----Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                  		unknown
                  https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipUrunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000003.00000002.4507133105.0000000000436000.00000040.00000400.00020000.00000000.sdmp, kmk.exe, 00000005.00000002.2343737352.0000000004385000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmpfalse
                    		unknown
                    https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/Urunla 0010_Fiyat Talap Teklif ID56313.exe, 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, kmk.exe, 00000006.00000002.4507138175.0000000000434000.00000040.00000400.00020000.00000000.sdmp, kmk.exe, 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmptrue
                      		unknown
                      http://UZQtUP.comkmk.exe, 00000008.00000002.4515896776.0000000002D51000.00000004.00000800.00020000.00000000.sdmpfalse
                        		unknown

                        World Map of Contacted IPs

                        No contacted IP infos

                        General Information

                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1520414
                        Start date and time:2024-09-27 10:46:01 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 9m 20s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:10
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:Urunla 0010_Fiyat Talap Teklif ID56313.exe
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winEXE@9/4@0/0
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 98%
                        • Number of executed functions: 293
                        • Number of non-executed functions: 16
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Override analysis time to 240000 for current running targets taking high CPU consumption

                        Warnings

                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • VT rate limit hit for: Urunla 0010_Fiyat Talap Teklif ID56313.exe

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        04:46:51API Interceptor5494607x Sleep call for process: Urunla 0010_Fiyat Talap Teklif ID56313.exe modified
                        04:47:18API Interceptor6835892x Sleep call for process: kmk.exe modified
                        10:47:09AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run kmk C:\Users\user\AppData\Roaming\kmk\kmk.exe
                        10:47:18AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run kmk C:\Users\user\AppData\Roaming\kmk\kmk.exe

                        Joe Sandbox View / Context

                        IPs

                        No context

                        Domains

                        No context

                        ASNs

                        No context

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Urunla 0010_Fiyat Talap Teklif ID56313.exe.log

                        Download File
                        Process:C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):1216
                        Entropy (8bit):5.34331486778365
                        Encrypted:false
                        SSDEEP:24:MLUE4K5E4KH1qE4x84qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHxviYHKh3oPtHo6hAHKzea
                        MD5:7B709BC412BEC5C3CFD861C041DAD408
                        SHA1:532EA6BB3018AE3B51E7A5788F614A6C49252BCF
                        SHA-256:733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
                        SHA-512:B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
                        Malicious:true
                        Reputation:moderate, very likely benign file
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\kmk.exe.log

                        Download File
                        Process:C:\Users\user\AppData\Roaming\kmk\kmk.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):1216
                        Entropy (8bit):5.34331486778365
                        Encrypted:false
                        SSDEEP:24:MLUE4K5E4KH1qE4x84qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHxviYHKh3oPtHo6hAHKzea
                        MD5:7B709BC412BEC5C3CFD861C041DAD408
                        SHA1:532EA6BB3018AE3B51E7A5788F614A6C49252BCF
                        SHA-256:733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
                        SHA-512:B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                        C:\Users\user\AppData\Roaming\kmk\kmk.exe

                        Download File
                        Process:C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe
                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):610816
                        Entropy (8bit):7.7587454105123745
                        Encrypted:false
                        SSDEEP:12288:e72zDn3/JEQOxcvFR9uPLjWcN5fDgrGN+hrROh5eFyBhc:7P2/cvFyPLCS+SNKvF
                        MD5:6D0B36D8196D5204908AC46DF6B26DD6
                        SHA1:A8E77C1FFB0DCD5DF4BE1C4F5C712D601B68B92E
                        SHA-256:C05124A691AADDE7935955FC41A1539398FE2007927EF19E27D8764CBAFE266D
                        SHA-512:ACE3EC7CF57DD4F0B646B19EBC712B9A13015F1B0DDE48882147908D776F2CBD3A3F4036F6DF624FC3A5B308EC2CADCE04F895A463D9968840D991BB1302336A
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 66%
                        Reputation:low
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y.d.....................T........... ... ....@.. ....................................@.................................d...W.... ..xP........................................................................... ............... ..H............text........ ...................... ..`.rsrc...xP... ...R..................@..@.reloc...............P..............@..B........................H...........\..............,...........................................z.(......}.....(....o....}....*..0...........{............3.....(.....*..................0...........{......,....f.........}......}......}.......s....o....}.......}....8......{....o....}......{....}......}.............}.....{........Y}.....{....-...+H.{........{....X.{....X .;.|.{....Xa}......}.....{....o6...:q....(....+..(........}.........(......*................n..}.....{....,..{....o....*..{....*.s..

                        C:\Users\user\AppData\Roaming\kmk\kmk.exe:Zone.Identifier

                        Download File
                        Process:C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:modified
                        Size (bytes):26
                        Entropy (8bit):3.95006375643621
                        Encrypted:false
                        SSDEEP:3:ggPYV:rPYV
                        MD5:187F488E27DB4AF347237FE461A079AD
                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                        Malicious:true
                        Reputation:high, very likely benign file
                        Preview:[ZoneTransfer]....ZoneId=0

                        Static File Info

                        General

                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Entropy (8bit):7.7587454105123745
                        TrID:
                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        • Win32 Executable (generic) a (10002005/4) 49.78%
                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                        • Generic Win/DOS Executable (2004/3) 0.01%
                        • DOS Executable Generic (2002/1) 0.01%
                        File name:Urunla 0010_Fiyat Talap Teklif ID56313.exe
                        File size:610'816 bytes
                        MD5:6d0b36d8196d5204908ac46df6b26dd6
                        SHA1:a8e77c1ffb0dcd5df4be1c4f5c712d601b68b92e
                        SHA256:c05124a691aadde7935955fc41a1539398fe2007927ef19e27d8764cbafe266d
                        SHA512:ace3ec7cf57dd4f0b646b19ebc712b9a13015f1b0dde48882147908d776f2cbd3a3f4036f6df624fc3a5b308ec2cadce04f895a463d9968840d991bb1302336a
                        SSDEEP:12288:e72zDn3/JEQOxcvFR9uPLjWcN5fDgrGN+hrROh5eFyBhc:7P2/cvFyPLCS+SNKvF
                        TLSH:63D4E0E086048FBBE9F810B4D41609A467F37DB09460F3D33D9A749EE3B276B8766506
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y.d.....................T........... ... ....@.. ....................................@................................

                        File Icon

                        Icon Hash:46992606071d1a94

                        Static PE Info

                        General

                        Entrypoint:0x491abe
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Time Stamp:0x642E79E4 [Thu Apr 6 07:51:00 2023 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                        Entrypoint Preview

                        Instruction
                        jmp dword ptr [00402000h]
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x91a640x57.text
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x920000x5078.rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x980000xc.reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x20000x8fac40x8fc00c5e38fb826b3eab32e9b624e01b75173False0.8622520380434783data7.818567192417198IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rsrc0x920000x50780x5200bb3fe55976294ada8a77bc1fd6fbdac7False0.23256478658536586data4.370836127133867IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc0x980000xc0x200db0cc57b1f79881e4ec2161169874aa5False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                        Resources

                        NameRVASizeTypeLanguageCountryZLIB Complexity
                        RT_ICON0x921a80x468Device independent bitmap graphic, 16 x 32 x 32, image size 10240.3953900709219858
                        RT_ICON0x926100x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.21693245778611633
                        RT_ICON0x936b80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m0.3482645403377111
                        RT_ICON0x947600x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m0.1716804979253112
                        RT_GROUP_ICON0x96d080x22data0.9411764705882353
                        RT_GROUP_ICON0x96d2c0x3edata0.8064516129032258
                        RT_VERSION0x96d6c0x30cdata0.4371794871794872

                        Imports

                        DLLImport
                        mscoree.dll_CorExeMain

                        Network Behavior

                        No network behavior found

                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:04:46:50
                        Start date:27/09/2024
                        Path:C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe"
                        Imagebase:0x290000
                        File size:610'816 bytes
                        MD5 hash:6D0B36D8196D5204908AC46DF6B26DD6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_AgentTesla_d3ac2b2f, Description: unknown, Source: 00000000.00000002.2057456613.00000000037CD000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:3
                        Start time:04:46:51
                        Start date:27/09/2024
                        Path:C:\Users\user\Desktop\Urunla 0010_Fiyat Talap Teklif ID56313.exe
                        Wow64 process (32bit):true
                        Commandline:"{path}"
                        Imagebase:0xd10000
                        File size:610'816 bytes
                        MD5 hash:6D0B36D8196D5204908AC46DF6B26DD6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: 00000003.00000002.4514332957.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        Reputation:low
                        Has exited:false

                        General

                        Target ID:5
                        Start time:04:47:18
                        Start date:27/09/2024
                        Path:C:\Users\user\AppData\Roaming\kmk\kmk.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Roaming\kmk\kmk.exe"
                        Imagebase:0xd30000
                        File size:610'816 bytes
                        MD5 hash:6D0B36D8196D5204908AC46DF6B26DD6
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 66%, ReversingLabs
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:6
                        Start time:04:47:19
                        Start date:27/09/2024
                        Path:C:\Users\user\AppData\Roaming\kmk\kmk.exe
                        Wow64 process (32bit):true
                        Commandline:"{path}"
                        Imagebase:0xfb0000
                        File size:610'816 bytes
                        MD5 hash:6D0B36D8196D5204908AC46DF6B26DD6
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: Windows_Trojan_AgentTesla_d3ac2b2f, Description: unknown, Source: 00000006.00000002.4507138175.0000000000431000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: 00000006.00000002.4515867343.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        Reputation:low
                        Has exited:false

                        General

                        Target ID:7
                        Start time:04:47:26
                        Start date:27/09/2024
                        Path:C:\Users\user\AppData\Roaming\kmk\kmk.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Roaming\kmk\kmk.exe"
                        Imagebase:0x350000
                        File size:610'816 bytes
                        MD5 hash:6D0B36D8196D5204908AC46DF6B26DD6
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_AgentTesla_d3ac2b2f, Description: unknown, Source: 00000007.00000002.2429634702.0000000003793000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:8
                        Start time:04:47:27
                        Start date:27/09/2024
                        Path:C:\Users\user\AppData\Roaming\kmk\kmk.exe
                        Wow64 process (32bit):true
                        Commandline:"{path}"
                        Imagebase:0x7e0000
                        File size:610'816 bytes
                        MD5 hash:6D0B36D8196D5204908AC46DF6B26DD6
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: Windows_Trojan_AgentTesla_d3ac2b2f, Description: unknown, Source: 00000008.00000002.4507142891.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                        Reputation:low
                        Has exited:false

                        Disassembly

                        Reset < >

                          Execution Graph

                          Execution Coverage:8.6%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:145
                          Total number of Limit Nodes:10
                          execution_graph 17316 c7f73bd 17320 c7f85f8 17316->17320 17323 c7f85f0 17316->17323 17317 c7f73d7 17321 c7f8643 ReadProcessMemory 17320->17321 17322 c7f8686 17321->17322 17322->17317 17324 c7f85f8 ReadProcessMemory 17323->17324 17326 c7f8686 17324->17326 17326->17317 17327 c7f043b 17331 c7f2838 17327->17331 17334 c7f2840 17327->17334 17328 c7f044c 17332 c7f2888 VirtualProtect 17331->17332 17333 c7f28c2 17332->17333 17333->17328 17335 c7f2888 VirtualProtect 17334->17335 17336 c7f28c2 17335->17336 17336->17328 17337 c7f8538 17338 c7f8580 Wow64SetThreadContext 17337->17338 17340 c7f85be 17338->17340 17341 c7fa8f8 CloseHandle 17342 c7fa95f 17341->17342 17343 cf6c08 17345 cf6c16 17343->17345 17346 cf5944 17343->17346 17347 cf594f 17346->17347 17350 cf59f0 17347->17350 17349 cf6ced 17349->17345 17351 cf59fb 17350->17351 17354 cf5a20 17351->17354 17353 cf6dc2 17353->17349 17355 cf5a2b 17354->17355 17358 cf5a50 17355->17358 17357 cf6ec5 17357->17353 17359 cf5a5b 17358->17359 17361 cf804b 17359->17361 17365 cfaa78 17359->17365 17360 cf8089 17360->17357 17361->17360 17369 cfcb78 17361->17369 17374 cfcb68 17361->17374 17379 cfaaa1 17365->17379 17385 cfaab0 17365->17385 17366 cfaa8e 17366->17361 17371 cfcb7b 17369->17371 17370 cfcbbd 17370->17360 17371->17370 17399 cfcd18 17371->17399 17403 cfcd28 17371->17403 17375 cfcb76 17374->17375 17376 cfcbbd 17375->17376 17377 cfcd18 2 API calls 17375->17377 17378 cfcd28 2 API calls 17375->17378 17376->17360 17377->17376 17378->17376 17380 cfaaaa 17379->17380 17382 cfaabf 17379->17382 17381 cfaa72 17380->17381 17389 cfab98 17380->17389 17394 cfaba8 17380->17394 17381->17366 17382->17366 17387 cfab98 GetModuleHandleW 17385->17387 17388 cfaba8 GetModuleHandleW 17385->17388 17386 cfaabf 17386->17366 17387->17386 17388->17386 17391 cfaba2 17389->17391 17390 cfabd8 17390->17382 17391->17390 17392 cfade0 GetModuleHandleW 17391->17392 17393 cfae0d 17392->17393 17393->17382 17395 cfabb9 17394->17395 17396 cfabd8 17394->17396 17395->17396 17397 cfade0 GetModuleHandleW 17395->17397 17396->17382 17398 cfae0d 17397->17398 17398->17382 17400 cfcd35 17399->17400 17402 cfcd6f 17400->17402 17407 cfb8d0 17400->17407 17402->17370 17404 cfcd35 17403->17404 17405 cfcd6f 17404->17405 17406 cfb8d0 2 API calls 17404->17406 17405->17370 17406->17405 17408 cfb8db 17407->17408 17409 cfda88 17408->17409 17411 cfd0d4 17408->17411 17412 cfd0df 17411->17412 17413 cf5a50 2 API calls 17412->17413 17414 cfdaf7 17413->17414 17414->17409 17467 c7f6dd4 17471 c7f86c8 17467->17471 17474 c7f86c0 17467->17474 17468 c7f6dee 17472 c7f870b VirtualAllocEx 17471->17472 17473 c7f8742 17472->17473 17473->17468 17475 c7f86c8 VirtualAllocEx 17474->17475 17477 c7f8742 17475->17477 17477->17468 17478 c7f6852 17482 c7f7b2d 17478->17482 17486 c7f7b38 17478->17486 17483 c7f7bb7 CreateProcessW 17482->17483 17485 c7f7ca0 17483->17485 17487 c7f7bb7 CreateProcessW 17486->17487 17489 c7f7ca0 17487->17489 17490 c7f03d2 17492 c7f2838 VirtualProtect 17490->17492 17493 c7f2840 VirtualProtect 17490->17493 17491 c7f03e6 17492->17491 17493->17491 17419 cfce40 17420 cfce86 GetCurrentProcess 17419->17420 17422 cfced8 GetCurrentThread 17420->17422 17423 cfced1 17420->17423 17424 cfcf0e 17422->17424 17425 cfcf15 GetCurrentProcess 17422->17425 17423->17422 17424->17425 17426 cfcf4b GetCurrentThreadId 17425->17426 17428 cfcfa4 17426->17428 17494 c7f9010 17495 c7f919b 17494->17495 17496 c7f9036 17494->17496 17496->17495 17499 c7f9288 17496->17499 17502 c7f9290 PostMessageW 17496->17502 17500 c7f9290 PostMessageW 17499->17500 17501 c7f92fc 17500->17501 17501->17496 17503 c7f92fc 17502->17503 17503->17496 17433 c7f67e8 17437 c7f8768 17433->17437 17441 c7f8770 17433->17441 17434 c7f668e 17438 c7f8770 WriteProcessMemory 17437->17438 17440 c7f880c 17438->17440 17440->17434 17442 c7f87bb WriteProcessMemory 17441->17442 17444 c7f880c 17442->17444 17444->17434 17445 c7f74e7 17446 c7f74f0 17445->17446 17448 c7f8768 WriteProcessMemory 17446->17448 17449 c7f8770 WriteProcessMemory 17446->17449 17447 c7f751c 17448->17447 17449->17447 17512 c7f2144 17513 c7f210e 17512->17513 17514 c7f2147 17512->17514 17513->17512 17515 c7f2838 VirtualProtect 17513->17515 17516 c7f2840 VirtualProtect 17513->17516 17515->17513 17516->17513 17450 c7f6e62 17454 c7f8928 17450->17454 17457 c7f8920 17450->17457 17451 c7f6e6d 17455 c7f8969 ResumeThread 17454->17455 17456 c7f8996 17455->17456 17456->17451 17458 c7f8928 ResumeThread 17457->17458 17460 c7f8996 17458->17460 17460->17451 17461 cfd490 DuplicateHandle 17462 cfd526 17461->17462 17463 c7f6ae0 17465 c7f8768 WriteProcessMemory 17463->17465 17466 c7f8770 WriteProcessMemory 17463->17466 17464 c7f6b04 17465->17464 17466->17464

                          Executed Functions

                          Function 0C7F8C32 Relevance: 2.7, Strings: 2, Instructions: 245COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 570 c7f8c32-c7f8c34 571 c7f8bf2-c7f8c0e 570->571 572 c7f8c17-c7f8c18 571->572 573 c7f8c10 571->573 574 c7f8c7e-c7f8c87 572->574 573->572 573->574 575 c7f8dbe-c7f8dc4 573->575 576 c7f8c3c-c7f8c41 573->576 577 c7f8e7b-c7f8e90 573->577 578 c7f8d7a 573->578 579 c7f8df9-c7f8e0d 573->579 580 c7f8f38-c7f8f39 573->580 581 c7f8c36-c7f8c37 573->581 582 c7f8cf1-c7f8d24 573->582 583 c7f8c70-c7f8c79 573->583 584 c7f8d6e-c7f8d6f 573->584 585 c7f8beb 573->585 586 c7f8d29-c7f8d2d 573->586 587 c7f8da9-c7f8dbc 573->587 588 c7f8ee8 573->588 589 c7f8c65-c7f8c6b 573->589 590 c7f8e63-c7f8e76 573->590 591 c7f8d60-c7f8d69 573->591 592 c7f8f20-c7f8f33 573->592 593 c7f8cde-c7f8cec 573->593 594 c7f8c1a-c7f8c31 573->594 595 c7f8c97 573->595 596 c7f8e95-c7f8e99 573->596 597 c7f8e0f-c7f8e41 call c7f5d60 call c7f5da0 573->597 598 c7f8ecc-c7f8ed5 573->598 599 c7f8cc9-c7f8cdc 573->599 600 c7f8dc7 573->600 601 c7f8e43-c7f8e5e 573->601 602 c7f8f00-c7f8f1b 573->602 613 c7f8c8e-c7f8c96 574->613 614 c7f8c89 574->614 606 c7f8dc6 575->606 625 c7f8c48-c7f8c63 576->625 608 c7f8dce-c7f8dea 577->608 607 c7f8d81-c7f8d9d 578->607 579->608 581->580 603 c7f8c9e-c7f8cba 582->603 583->571 584->606 585->571 604 c7f8d2f-c7f8d3e 586->604 605 c7f8d40-c7f8d47 586->605 587->607 632 c7f8eed call c7f95f0 588->632 633 c7f8eed call c7f9600 588->633 589->598 590->608 591->603 592->608 593->602 594->570 595->603 610 c7f8eac-c7f8eb3 596->610 611 c7f8e9b-c7f8eaa 596->611 597->608 598->574 612 c7f8edb-c7f8ee3 598->612 599->603 600->608 601->608 602->608 615 c7f8cbc 603->615 616 c7f8cc3-c7f8cc4 603->616 619 c7f8d4e-c7f8d5b 604->619 605->619 606->600 621 c7f8d9f 607->621 622 c7f8da6-c7f8da7 607->622 626 c7f8dec 608->626 627 c7f8df3-c7f8df4 608->627 620 c7f8eba-c7f8ec7 610->620 611->620 612->608 613->595 614->613 615->575 615->577 615->578 615->579 615->580 615->582 615->584 615->586 615->587 615->588 615->590 615->591 615->592 615->593 615->595 615->596 615->597 615->598 615->599 615->600 615->601 615->602 615->616 616->584 619->603 620->608 621->575 621->577 621->578 621->579 621->580 621->587 621->588 621->590 621->592 621->596 621->597 621->598 621->600 621->601 621->602 621->622 622->575 623 c7f8ef3-c7f8efb 623->608 625->571 626->577 626->579 626->580 626->588 626->590 626->592 626->596 626->597 626->598 626->600 626->601 626->602 626->627 627->580 632->623 633->623
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: 9!${m[s
                          • API String ID: 0-624730048
                          • Opcode ID: a826f75e61a5f4c3e931e97e9396138c916930b7c3930be0ae3c98a0a7472893
                          • Instruction ID: 93abcc2d020f9ba2748100107d37853b7923776914770ed3c928c128a52c8ee7
                          • Opcode Fuzzy Hash: a826f75e61a5f4c3e931e97e9396138c916930b7c3930be0ae3c98a0a7472893
                          • Instruction Fuzzy Hash: 3BA146B0E19209DFCB14CFA5D5C05ADFBB2FB9A310F24A42AD105BB394D7349942CB16
                          Function 0C7F8D71 Relevance: 2.6, Strings: 2, Instructions: 124COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 634 c7f8d71-c7f8d77 635 c7f8d7a 634->635 636 c7f8d81-c7f8d9d 635->636 637 c7f8d9f 636->637 638 c7f8da6-c7f8da7 636->638 637->635 637->638 639 c7f8dbe-c7f8dc4 637->639 640 c7f8e7b-c7f8e90 637->640 641 c7f8df9-c7f8e0d 637->641 642 c7f8f38-c7f8f39 637->642 643 c7f8e95-c7f8e99 637->643 644 c7f8e0f-c7f8e41 call c7f5d60 call c7f5da0 637->644 645 c7f8ecc-c7f8ed5 637->645 646 c7f8da9-c7f8dbc 637->646 647 c7f8ee8 637->647 648 c7f8dc7 637->648 649 c7f8e43-c7f8e5e 637->649 650 c7f8e63-c7f8e76 637->650 651 c7f8f20-c7f8f33 637->651 652 c7f8f00-c7f8f1b 637->652 638->639 668 c7f8dc6 639->668 653 c7f8dce-c7f8dea 640->653 641->653 654 c7f8eac-c7f8eb3 643->654 655 c7f8e9b-c7f8eaa 643->655 644->653 656 c7f8c7e-c7f8c87 645->656 657 c7f8edb-c7f8ee3 645->657 646->636 686 c7f8eed call c7f95f0 647->686 687 c7f8eed call c7f9600 647->687 648->653 649->653 650->653 651->653 652->653 661 c7f8dec 653->661 662 c7f8df3-c7f8df4 653->662 663 c7f8eba-c7f8ec7 654->663 655->663 664 c7f8c8e-c7f8c96 656->664 665 c7f8c89 656->665 657->653 661->640 661->641 661->642 661->643 661->644 661->645 661->647 661->648 661->649 661->650 661->651 661->652 661->662 662->642 663->653 669 c7f8c97 664->669 665->664 667 c7f8ef3-c7f8efb 667->653 668->648 671 c7f8c9e-c7f8cba 669->671 673 c7f8cbc 671->673 674 c7f8cc3-c7f8cc4 671->674 673->635 673->639 673->640 673->641 673->642 673->643 673->644 673->645 673->646 673->647 673->648 673->649 673->650 673->651 673->652 673->669 673->674 675 c7f8cde-c7f8cec 673->675 676 c7f8cf1-c7f8d24 673->676 677 c7f8d6e-c7f8d6f 673->677 678 c7f8d29-c7f8d2d 673->678 679 c7f8cc9-c7f8cdc 673->679 680 c7f8d60-c7f8d69 673->680 674->677 675->652 676->671 677->668 682 c7f8d2f-c7f8d3e 678->682 683 c7f8d40-c7f8d47 678->683 679->671 680->671 685 c7f8d4e-c7f8d5b 682->685 683->685 685->671 686->667 687->667
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: 9!${m[s
                          • API String ID: 0-624730048
                          • Opcode ID: b5de48d1f52bff5cc96c7deece3e79d703797a3d2cfa5b8bb3947a26cb49ae60
                          • Instruction ID: 6475bf48dbfbe6ded7f155f8ea4592e6192e9216918e6521bf6d5f180c88c07d
                          • Opcode Fuzzy Hash: b5de48d1f52bff5cc96c7deece3e79d703797a3d2cfa5b8bb3947a26cb49ae60
                          • Instruction Fuzzy Hash: C64167B0E06209DFCB58CFA4D1C159DFBF2FF9A210F20A52AD109B7394D63099428B16
                          Function 0C7F2948 Relevance: .3, Instructions: 300COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6dded432114f9942059452eed1adec8c309403a56be8dc6a89387fd4439fd691
                          • Instruction ID: 311fa7aa9450823cbb40439aae3cfb8f101022b326e3f9d8027460da5190ad81
                          • Opcode Fuzzy Hash: 6dded432114f9942059452eed1adec8c309403a56be8dc6a89387fd4439fd691
                          • Instruction Fuzzy Hash: 5FD16934A01208DFDB44DFA8E58498EBFF1FB98311B54E065E409EB3A9EB34A945CF51
                          Function 0C7F2938 Relevance: .3, Instructions: 299COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c07a7d5d63b071b425848cb117779849d26ac78b8dee95628255666e997dd01c
                          • Instruction ID: 855a214f716d0930258e6c42005e0cda3a7241351c48c010d7ec2cc8f1f0ec27
                          • Opcode Fuzzy Hash: c07a7d5d63b071b425848cb117779849d26ac78b8dee95628255666e997dd01c
                          • Instruction Fuzzy Hash: 4ED17A34A01209CFDB44DFA8E58498EBFF1FB98311B14E065E409EB3A9EB349945CF11
                          Function 0C7F3750 Relevance: .2, Instructions: 246COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a806415fd95c4bc7be09dab09af56c3929704f8f499a512811b97cd24aac8659
                          • Instruction ID: 0cafffb7202496c7aaa75abcec8283baa355940996763860daabea58832792b4
                          • Opcode Fuzzy Hash: a806415fd95c4bc7be09dab09af56c3929704f8f499a512811b97cd24aac8659
                          • Instruction Fuzzy Hash: 42A116B4E012499FCB04CFAAD58069EFBF2BF89310F64D12AD514BB369D7349942CB60
                          Function 0C7F3740 Relevance: .2, Instructions: 241COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: afefc10f42cec1bb4a26b79dd5d97b95f79fd78509cb8a0aa4862bc090c2f27b
                          • Instruction ID: 2fb6b3842afcefeb7a38ec5cf18979f5c471d55f5235d91fbf2524921d4975d2
                          • Opcode Fuzzy Hash: afefc10f42cec1bb4a26b79dd5d97b95f79fd78509cb8a0aa4862bc090c2f27b
                          • Instruction Fuzzy Hash: A8A135B4E012599FCB04CFA9D58069EFBF2BF89310F64D12AD508BB369D7349942CB60
                          Function 0C7F3458 Relevance: .1, Instructions: 106COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 635b16c6c7efe284bc1dfd0bf1d7a23fe13160dee8635f0fafbc70d28bb3a1d0
                          • Instruction ID: 4b640085d6e67953e57738f22f900f9b7d189cb162ec4a58f729e8061d639a69
                          • Opcode Fuzzy Hash: 635b16c6c7efe284bc1dfd0bf1d7a23fe13160dee8635f0fafbc70d28bb3a1d0
                          • Instruction Fuzzy Hash: E241BCB5E0064A9FDB05CFA9D8415AEFBB2FF89310F14C02AC924A7364D7349902CFA1
                          Function 00CFCE30 Relevance: 6.1, APIs: 4, Instructions: 136threadCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 527 cfce30-cfcecf GetCurrentProcess 532 cfced8-cfcf0c GetCurrentThread 527->532 533 cfced1-cfced7 527->533 534 cfcf0e-cfcf14 532->534 535 cfcf15-cfcf49 GetCurrentProcess 532->535 533->532 534->535 537 cfcf4b-cfcf51 535->537 538 cfcf52-cfcf6a 535->538 537->538 541 cfcf73-cfcfa2 GetCurrentThreadId 538->541 542 cfcfab-cfd00d 541->542 543 cfcfa4-cfcfaa 541->543 543->542
                          APIs
                          • GetCurrentProcess.KERNEL32 ref: 00CFCEBE
                          • GetCurrentThread.KERNEL32 ref: 00CFCEFB
                          • GetCurrentProcess.KERNEL32 ref: 00CFCF38
                          • GetCurrentThreadId.KERNEL32 ref: 00CFCF91
                          Memory Dump Source
                          • Source File: 00000000.00000002.2056080720.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_cf0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: Current$ProcessThread
                          • String ID:
                          • API String ID: 2063062207-0
                          • Opcode ID: 16df89195e5e74d6f50c64bd37888d0171b4862dd664924e33281f51f7f74f07
                          • Instruction ID: cbe8ae8db70cb0575458f3f162b5bb3207674927a29abc4043be4b201656febd
                          • Opcode Fuzzy Hash: 16df89195e5e74d6f50c64bd37888d0171b4862dd664924e33281f51f7f74f07
                          • Instruction Fuzzy Hash: F15189B09013488FDB04DFA9D648BAEBFF5EF48304F20C459E119A7360C7349944CB66
                          Function 00CFCE40 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 549 cfce40-cfcecf GetCurrentProcess 553 cfced8-cfcf0c GetCurrentThread 549->553 554 cfced1-cfced7 549->554 555 cfcf0e-cfcf14 553->555 556 cfcf15-cfcf49 GetCurrentProcess 553->556 554->553 555->556 558 cfcf4b-cfcf51 556->558 559 cfcf52-cfcf6a 556->559 558->559 562 cfcf73-cfcfa2 GetCurrentThreadId 559->562 563 cfcfab-cfd00d 562->563 564 cfcfa4-cfcfaa 562->564 564->563
                          APIs
                          • GetCurrentProcess.KERNEL32 ref: 00CFCEBE
                          • GetCurrentThread.KERNEL32 ref: 00CFCEFB
                          • GetCurrentProcess.KERNEL32 ref: 00CFCF38
                          • GetCurrentThreadId.KERNEL32 ref: 00CFCF91
                          Memory Dump Source
                          • Source File: 00000000.00000002.2056080720.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_cf0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: Current$ProcessThread
                          • String ID:
                          • API String ID: 2063062207-0
                          • Opcode ID: 8ff1663d7f4bda34c026c207c709d2dc7258258cfed227a7559c21ceb853f162
                          • Instruction ID: f04d5c703c5b774a7007ddd612d6c12748490d1b6fd5cfa0a2a8e4bf2bd845be
                          • Opcode Fuzzy Hash: 8ff1663d7f4bda34c026c207c709d2dc7258258cfed227a7559c21ceb853f162
                          • Instruction Fuzzy Hash: 435177B0A002098FDB54DFA9D648BAEFBF5EF48308F20C459E519A7360C7749944CF66
                          Function 00CFABA8 Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 703 cfaba8-cfabb7 704 cfabb9-cfabc6 call cf9eb0 703->704 705 cfabe3-cfabe7 703->705 712 cfabdc 704->712 713 cfabc8-cfabd6 704->713 706 cfabfb-cfac3c 705->706 707 cfabe9-cfabf3 705->707 714 cfac3e-cfac46 706->714 715 cfac49-cfac57 706->715 707->706 712->705 721 cfad18-cfadd8 713->721 722 cfabd8-cfabda 713->722 714->715 716 cfac7b-cfac7d 715->716 717 cfac59-cfac5e 715->717 723 cfac80-cfac87 716->723 719 cfac69 717->719 720 cfac60-cfac67 call cf9ebc 717->720 727 cfac6b-cfac79 719->727 720->727 755 cfadda-cfaddd 721->755 756 cfade0-cfae0b GetModuleHandleW 721->756 722->712 724 cfac89-cfac91 723->724 725 cfac94-cfac9b 723->725 724->725 728 cfac9d-cfaca5 725->728 729 cfaca8-cfacb1 call cf9ecc 725->729 727->723 728->729 735 cfacbe-cfacc3 729->735 736 cfacb3-cfacbb 729->736 737 cfacc5-cfaccc 735->737 738 cface1-cfacee 735->738 736->735 737->738 740 cfacce-cfacde call cf9edc call cf9eec 737->740 744 cfad11-cfad17 738->744 745 cfacf0-cfad0e 738->745 740->738 745->744 755->756 757 cfae0d-cfae13 756->757 758 cfae14-cfae28 756->758 757->758
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00CFADFE
                          Memory Dump Source
                          • Source File: 00000000.00000002.2056080720.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_cf0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: ecec71d86bfce978cf7b9fc79466dca020e3f72b30710ed6fb7d9a4eba9384aa
                          • Instruction ID: 59a43ad3f57667f22435cdb53b18cf7aa07555421d205989c9ce3761e2e36aba
                          • Opcode Fuzzy Hash: ecec71d86bfce978cf7b9fc79466dca020e3f72b30710ed6fb7d9a4eba9384aa
                          • Instruction Fuzzy Hash: AD7146B0A00B088FDB64DF2AD4417AABBF5FF88304F10892DD59AD7A50D735E945CB92
                          Function 0C7F7B2D Relevance: 1.6, APIs: 1, Instructions: 147processCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 760 c7f7b2d-c7f7bc3 762 c7f7bce-c7f7bd5 760->762 763 c7f7bc5-c7f7bcb 760->763 764 c7f7bd7-c7f7bdd 762->764 765 c7f7be0-c7f7bf6 762->765 763->762 764->765 766 c7f7bf8-c7f7bfe 765->766 767 c7f7c01-c7f7c9e CreateProcessW 765->767 766->767 769 c7f7ca7-c7f7d1b 767->769 770 c7f7ca0-c7f7ca6 767->770 778 c7f7d2d-c7f7d34 769->778 779 c7f7d1d-c7f7d23 769->779 770->769 780 c7f7d4b 778->780 781 c7f7d36-c7f7d45 778->781 779->778 783 c7f7d4c 780->783 781->780 783->783
                          APIs
                          • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0C7F7C8B
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: bc416d56e46b591a9db42aac8fdb6b2a3dbafbe734fe25b5c7d240b586b28727
                          • Instruction ID: f25d2e250fa12e1ac8ef60160c3c9367d8f265b5296e86683627eac827c61e78
                          • Opcode Fuzzy Hash: bc416d56e46b591a9db42aac8fdb6b2a3dbafbe734fe25b5c7d240b586b28727
                          • Instruction Fuzzy Hash: 56512671901319DFDB64CF99C880BDDBBB6BF49310F1080AAE908B7254DB759A89CF61
                          Function 0C7F7B38 Relevance: 1.6, APIs: 1, Instructions: 143processCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 784 c7f7b38-c7f7bc3 786 c7f7bce-c7f7bd5 784->786 787 c7f7bc5-c7f7bcb 784->787 788 c7f7bd7-c7f7bdd 786->788 789 c7f7be0-c7f7bf6 786->789 787->786 788->789 790 c7f7bf8-c7f7bfe 789->790 791 c7f7c01-c7f7c9e CreateProcessW 789->791 790->791 793 c7f7ca7-c7f7d1b 791->793 794 c7f7ca0-c7f7ca6 791->794 802 c7f7d2d-c7f7d34 793->802 803 c7f7d1d-c7f7d23 793->803 794->793 804 c7f7d4b 802->804 805 c7f7d36-c7f7d45 802->805 803->802 807 c7f7d4c 804->807 805->804 807->807
                          APIs
                          • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0C7F7C8B
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: b28ea380d57781abd6f8a68f24539977aa5f7bbc3a7fec0cc68a049f615057ed
                          • Instruction ID: 91b694115d2d2b53b9850ce3d8c9279af44773385223458ddc85362648120220
                          • Opcode Fuzzy Hash: b28ea380d57781abd6f8a68f24539977aa5f7bbc3a7fec0cc68a049f615057ed
                          • Instruction Fuzzy Hash: 22511771901319DFDB64CF99C880BDDBBB5BF49310F10809AE908B7254DB759A89CF61
                          Function 0C7F8768 Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 808 c7f8768-c7f87c1 811 c7f87c3-c7f87cf 808->811 812 c7f87d1-c7f880a WriteProcessMemory 808->812 811->812 813 c7f880c-c7f8812 812->813 814 c7f8813-c7f8834 812->814 813->814
                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0C7F87FD
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0
                          • Opcode ID: afab15ba54892bc3a4e1f4706401373a88e1222e609a425d09a596d516ff958b
                          • Instruction ID: db5f722ab25c712a90d565da22245a8ade9f16703d0af8ced655bce8868cddcb
                          • Opcode Fuzzy Hash: afab15ba54892bc3a4e1f4706401373a88e1222e609a425d09a596d516ff958b
                          • Instruction Fuzzy Hash: 9821F6B59012499FDB10CF9AC885BDEBBF4FF49310F108429E518A3350D778A554CBA5
                          Function 0C7F8770 Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 816 c7f8770-c7f87c1 818 c7f87c3-c7f87cf 816->818 819 c7f87d1-c7f880a WriteProcessMemory 816->819 818->819 820 c7f880c-c7f8812 819->820 821 c7f8813-c7f8834 819->821 820->821
                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0C7F87FD
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0
                          • Opcode ID: bc196d892a7362d7f57eb5b167c68fd031ecfb81eca9e6220459c66257b11b7e
                          • Instruction ID: 9c1b832725fb785c45b830b92f3cf2b6686be8b9bf8c8e5183a8a7135365ad7b
                          • Opcode Fuzzy Hash: bc196d892a7362d7f57eb5b167c68fd031ecfb81eca9e6220459c66257b11b7e
                          • Instruction Fuzzy Hash: AD21E4B59012499FCB10CFAAC885BDEFBF4FF49310F10842AE918A3350D778A944CBA5
                          Function 0C7F85F0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 828 c7f85f0-c7f8684 ReadProcessMemory 831 c7f868d-c7f86ae 828->831 832 c7f8686-c7f868c 828->832 832->831
                          APIs
                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0C7F8677
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: MemoryProcessRead
                          • String ID:
                          • API String ID: 1726664587-0
                          • Opcode ID: 8437afcadb40db1172baadd99e4f890989a69501352d3f5e3b822bd98ff9a9bc
                          • Instruction ID: b2fe213ea2c93f44a3b7d160430584d7549032f186f0a01bcf6e38d2ddce918f
                          • Opcode Fuzzy Hash: 8437afcadb40db1172baadd99e4f890989a69501352d3f5e3b822bd98ff9a9bc
                          • Instruction Fuzzy Hash: A221F0B1901359DFCB10CF9AC885ADEFBF4FF49310F10842AE918A3250D338A944CBA5
                          Function 00CFD490 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 823 cfd490-cfd524 DuplicateHandle 824 cfd52d-cfd54a 823->824 825 cfd526-cfd52c 823->825 825->824
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CFD517
                          Memory Dump Source
                          • Source File: 00000000.00000002.2056080720.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_cf0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: 97596f26a5d9425c962a9489dc9aac34c69586729c45afb77835d1d7608a1abb
                          • Instruction ID: b44f0e5ac745875f60607c7027a1b1ed99f183e6670ceee367ce1f0f4af04d1c
                          • Opcode Fuzzy Hash: 97596f26a5d9425c962a9489dc9aac34c69586729c45afb77835d1d7608a1abb
                          • Instruction Fuzzy Hash: 3721D5B59002489FDB10CF9AD584AEEFFF9FB48314F14841AE919A3350D378A954CFA5
                          Function 0C7F8530 Relevance: 1.6, APIs: 1, Instructions: 61threadCOMMON
                          Download Yara Rule
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0C7F85AF
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          • Opcode ID: 9aeb1a7f05f33baf5672b5fec7cd06366bd2a4ebc72a0ee1fa2287317c511133
                          • Instruction ID: 75da4487ecfefaa8c3b9ece631a2e5358ffa59a72131b1ea0ef7220a4389fc91
                          • Opcode Fuzzy Hash: 9aeb1a7f05f33baf5672b5fec7cd06366bd2a4ebc72a0ee1fa2287317c511133
                          • Instruction Fuzzy Hash: 0321E3B19006199BDB00CF9AC885BEEFBF8BB49714F14812AD518A3340D778A945CFA1
                          Function 0C7F85F8 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                          Download Yara Rule
                          APIs
                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0C7F8677
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: MemoryProcessRead
                          • String ID:
                          • API String ID: 1726664587-0
                          • Opcode ID: 18a87124e25561be34daad1af0c4b78bd123986935295c09e62846b5aadb20f0
                          • Instruction ID: 10039d9c73c990c2f31b3e2885fb69d58635ba4af232234afd63444634f96ad7
                          • Opcode Fuzzy Hash: 18a87124e25561be34daad1af0c4b78bd123986935295c09e62846b5aadb20f0
                          • Instruction Fuzzy Hash: 6C21EFB5901249DFCB10CF9AD884ADEFBF8FF49310F10842AE918A3251D378A944CFA5
                          Function 0C7F2838 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0C7F28B3
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 66af1a9411f50e21242d88e4c276288412db523ed8d385be75a1d33ea5a431d8
                          • Instruction ID: 18e107114c29244cb427b62dcfb242c02b756a127ba78b037bef4e3fd133c700
                          • Opcode Fuzzy Hash: 66af1a9411f50e21242d88e4c276288412db523ed8d385be75a1d33ea5a431d8
                          • Instruction Fuzzy Hash: BC21F2B59002499FCB10DF9AC484BDEFBF4FF48320F10842AE958A7251D379AA45CFA1
                          Function 0C7F8538 Relevance: 1.6, APIs: 1, Instructions: 58threadCOMMON
                          Download Yara Rule
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0C7F85AF
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          • Opcode ID: 607342048c1c0feff3f8cec6e1c47455fffd33caf85f193745623467e97d0a84
                          • Instruction ID: d54e61e16b57305e297be126071d8c431bec5b734f0c08fc01c9e17f57fab430
                          • Opcode Fuzzy Hash: 607342048c1c0feff3f8cec6e1c47455fffd33caf85f193745623467e97d0a84
                          • Instruction Fuzzy Hash: 2421F2B19002199FCB00CF9AC885BAEFBF8BB49714F14812AD518A3340D378A9448FA1
                          Function 0C7F2840 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0C7F28B3
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: f7d7916ba010a47b899860890dad9f554d4742ada251c02c76a7c8f746d38810
                          • Instruction ID: 29b0d39989eb7a94d00b76db550abff09113b4fea034a78e4706235dbcbd08f4
                          • Opcode Fuzzy Hash: f7d7916ba010a47b899860890dad9f554d4742ada251c02c76a7c8f746d38810
                          • Instruction Fuzzy Hash: 4E21D3B59002499FCB10DF9AC484ADEFBF8FB48320F10842AE958A7251D378A544CFA1
                          Function 0C7F86C0 Relevance: 1.6, APIs: 1, Instructions: 51memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0C7F8733
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: b234748569eee4f80f26d647794d9ca8fb5eef70e6536bb3accaed78f8d8ccc4
                          • Instruction ID: c897900f78fc91fd20aeca828b84fdadc195f2091d9f08dae8497484512161c0
                          • Opcode Fuzzy Hash: b234748569eee4f80f26d647794d9ca8fb5eef70e6536bb3accaed78f8d8ccc4
                          • Instruction Fuzzy Hash: 5311F0B59002499FDB10DF9AC889BDEBFF8EB49314F248419E618A7260C379A544CFA1
                          Function 0C7F86C8 Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0C7F8733
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: af0e542e3f1b52046cdf5d87939e446fbf2557a17aef3cef0cf3e728f6c2b5b2
                          • Instruction ID: e5b8d4a8f21c744c4166fda6ed60b6cc1f910377e8bdd2996b41dba9ccdb78b8
                          • Opcode Fuzzy Hash: af0e542e3f1b52046cdf5d87939e446fbf2557a17aef3cef0cf3e728f6c2b5b2
                          • Instruction Fuzzy Hash: 2211E3B5900249DFCB10DF9AC888BDEBFF8FB49310F248419E518A7250C375A544CFA1
                          Function 00CFAD98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00CFADFE
                          Memory Dump Source
                          • Source File: 00000000.00000002.2056080720.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_cf0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: aee089e94d6f7d03a3776ca1f55d6c25d6130b83a2ad8cfea60ef4d836ea2fac
                          • Instruction ID: dcae273891d5be04a378ff32aca94b4772b5084d703a36e8b595787c68d3e009
                          • Opcode Fuzzy Hash: aee089e94d6f7d03a3776ca1f55d6c25d6130b83a2ad8cfea60ef4d836ea2fac
                          • Instruction Fuzzy Hash: C011E0B5C002498FCB10DF9AC444ADEFBF9EF88314F14841AD529A7610C379A545CFA2
                          Function 0C7F8920 Relevance: 1.5, APIs: 1, Instructions: 46threadCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: 09ab72d45d94d6f7ae34622c902eabe2123b751984f574877f313a75bda98508
                          • Instruction ID: dc794a5fd177f0f980dbf0ac7e305623490757a9526847ae9ec330caf01c4636
                          • Opcode Fuzzy Hash: 09ab72d45d94d6f7ae34622c902eabe2123b751984f574877f313a75bda98508
                          • Instruction Fuzzy Hash: F51122B18002498FDB10DF9AC489BDEFFF8EB49314F20841AD618A3250C379A544CFA2
                          Function 0C7F9288 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                          Download Yara Rule
                          APIs
                          • PostMessageW.USER32(?,?,?,?), ref: 0C7F92ED
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: MessagePost
                          • String ID:
                          • API String ID: 410705778-0
                          • Opcode ID: cdcfb9e9d54badffb344d4f4e65a365ef2dd7129625e7c704698d2dccc90e3c4
                          • Instruction ID: 9335d75fe6f0f39df2f13f72fd43f80d5e91cb64f2425760544516ea05274e27
                          • Opcode Fuzzy Hash: cdcfb9e9d54badffb344d4f4e65a365ef2dd7129625e7c704698d2dccc90e3c4
                          • Instruction Fuzzy Hash: 7D11F2B58002489FDB10DF9AD985BDEFBF8EB48324F10841AE918A7250D379A944CFA1
                          Function 0C7F9290 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                          Download Yara Rule
                          APIs
                          • PostMessageW.USER32(?,?,?,?), ref: 0C7F92ED
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: MessagePost
                          • String ID:
                          • API String ID: 410705778-0
                          • Opcode ID: f16194390f8545a20e8a91355b2483da974cb13d0376bf21e40d999acc0fedac
                          • Instruction ID: a26e9629c96ddd06103853978ca14c84bcc8ec51d7168f4971b68320d6244a3d
                          • Opcode Fuzzy Hash: f16194390f8545a20e8a91355b2483da974cb13d0376bf21e40d999acc0fedac
                          • Instruction Fuzzy Hash: BA1103B58003489FCB10DF9AC485BDEFBF8FB48320F10841AD518A3210C379A544CFA1
                          Function 0C7F8928 Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: 66d75c475483a4ec51032c99a527a11fb07ed463facf553f122439743143722c
                          • Instruction ID: d481f9013953ed76d70b10c81b4922b465e9477166e48ab3696eaf1d9c097893
                          • Opcode Fuzzy Hash: 66d75c475483a4ec51032c99a527a11fb07ed463facf553f122439743143722c
                          • Instruction Fuzzy Hash: 511103B18002498FCB10DF9AD484BDEFBF8EB49314F20841AD518A3250C379A544CFA5
                          Function 0C7FA8F8 Relevance: 1.3, APIs: 1, Instructions: 47COMMON
                          Download Yara Rule
                          APIs
                          • CloseHandle.KERNELBASE(?), ref: 0C7FA950
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: CloseHandle
                          • String ID:
                          • API String ID: 2962429428-0
                          • Opcode ID: 9e16672a0baed0a15269e166e58720df446131060b6b4b28e63fe01dc01dd372
                          • Instruction ID: bf95fcb4bf8d8850645620f477e27319331ea88f52a3ef510fb7ddd19676bc69
                          • Opcode Fuzzy Hash: 9e16672a0baed0a15269e166e58720df446131060b6b4b28e63fe01dc01dd372
                          • Instruction Fuzzy Hash: 821103B58002498FCB20DF9AC585BDEBBF4EF48320F24842AD568A7350D738A944CFA5
                          Function 00C1D1D4 Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2055867464.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c1d000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8c09d65bbbd82a8ebf9f1162ebc2f6f3a28bc9494bd90bd3beb9ea607a58fa58
                          • Instruction ID: f5f6ff95a7965148155d878b4e853b42049630606df4b94fa525f9dbb55bd57c
                          • Opcode Fuzzy Hash: 8c09d65bbbd82a8ebf9f1162ebc2f6f3a28bc9494bd90bd3beb9ea607a58fa58
                          • Instruction Fuzzy Hash: E821F571504204EFDB05DF14D5C0B66BBA5FB85314F20C6ADE91A4B356C33ADC86EA61
                          Function 00C1D01C Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2055867464.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c1d000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f1e24ac08952e7ea86a96b869cd3d2fbdce064585810d595d056e5737808fde5
                          • Instruction ID: 5c91b1f0e4129f9696c909d54b4feba84df6486891e3fe299337927a33b52d83
                          • Opcode Fuzzy Hash: f1e24ac08952e7ea86a96b869cd3d2fbdce064585810d595d056e5737808fde5
                          • Instruction Fuzzy Hash: 2921F275604204DFCB14DF24D9C4B66BF65FB89314F20C5ADE90A4B396C33AD887EA62
                          Function 00C1D005 Relevance: .1, Instructions: 62COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2055867464.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c1d000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ade61a8e551f5515387a10adc6dade5334cbbd3ed71e0051f3edc5ec90ea3d00
                          • Instruction ID: 961bead65471060af383800d4c0322cac11d115843066f7e1a6c460e79dde2ee
                          • Opcode Fuzzy Hash: ade61a8e551f5515387a10adc6dade5334cbbd3ed71e0051f3edc5ec90ea3d00
                          • Instruction Fuzzy Hash: B2219F755093C08FCB02CF24D994715BF71EB4A314F28C5EAD8498F2A7C33A984ADB62
                          Function 00C1D1CF Relevance: .1, Instructions: 53COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2055867464.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c1d000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                          • Instruction ID: b2706f1c8b5518256cef6cb9fc2ecbf6eebbf3c5a1ad08527fcb02ca7e135f8e
                          • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                          • Instruction Fuzzy Hash: C211BB75504280DFCB02CF14C5C4B15BBA1FB85314F24C6A9D85A4B696C33AD89ADB62

                          Non-executed Functions

                          Function 0C7F7D80 Relevance: 1.5, Strings: 1, Instructions: 290COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: (`#4
                          • API String ID: 0-2466779193
                          • Opcode ID: 69ee15b6a25baca6e79e5f275792b62bbd13392be30fa87f1938e51a8b18fbc9
                          • Instruction ID: 100b3eaa6c82a4a93f08fcfaf698480fcea2e0d4ee8a47b78ce71d0e5045cc30
                          • Opcode Fuzzy Hash: 69ee15b6a25baca6e79e5f275792b62bbd13392be30fa87f1938e51a8b18fbc9
                          • Instruction Fuzzy Hash: FED13E74E112199FCB14CFA9C980AAEFBF2BF89300F24D169D508A7356D730AA41CF61
                          Function 0C7F7D71 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: (`#4
                          • API String ID: 0-2466779193
                          • Opcode ID: ab4d229b1509c8c8a6a70c168e8d86d95a8030bdfc9b02d368e6d7eab3e44a6f
                          • Instruction ID: 617e22fd4bfc33088ce8fea102c0c10ed0763508379d8d4e6f24c875dbe1cab5
                          • Opcode Fuzzy Hash: ab4d229b1509c8c8a6a70c168e8d86d95a8030bdfc9b02d368e6d7eab3e44a6f
                          • Instruction Fuzzy Hash: 78D13F74E152199FCB14CFA9C981AAEFBF2BF89300F24D169D508A7356D7309A41CF61
                          Function 0C7F81A6 Relevance: 1.5, Strings: 1, Instructions: 243COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: (`#4
                          • API String ID: 0-2466779193
                          • Opcode ID: bf6d96c940597bf2c534994e6023f1e02896d000ef91f4b80a90b0adddf96798
                          • Instruction ID: 87929841fc04667e1e76e3c6053b466136e5a76a26cb526fdd2f00e3d243fa9a
                          • Opcode Fuzzy Hash: bf6d96c940597bf2c534994e6023f1e02896d000ef91f4b80a90b0adddf96798
                          • Instruction Fuzzy Hash: C0B13C74E15219DFCB14CFA8C980AAEFBF2BF89300F649169D505AB356D730AA41CF61
                          Function 0C7F5FD0 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: /R
                          • API String ID: 0-4208049266
                          • Opcode ID: a7f00d789a0ce93fd0ddde52d313cb6dd8756c40aa0776c4a7fab23b06832775
                          • Instruction ID: 2b8e322111d0e7f13b512ee2d5ecdb65b77170695ab5cee3ca7980fc4ee25a3b
                          • Opcode Fuzzy Hash: a7f00d789a0ce93fd0ddde52d313cb6dd8756c40aa0776c4a7fab23b06832775
                          • Instruction Fuzzy Hash: D381F7B4E1520ACB8B44CFE6D5859AEFBB2FF99210F20942AD515F7314E7349A028F94
                          Function 0C7F5FC1 Relevance: 1.4, Strings: 1, Instructions: 198COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: /R
                          • API String ID: 0-4208049266
                          • Opcode ID: d02113898a9e389f82e90c857947e4e1654486711a5d37125a7595dfa5ebe84c
                          • Instruction ID: 2cede9147ba7ea42e856a63946f76ebef184ba3fc055cb9931273964a49e1d1f
                          • Opcode Fuzzy Hash: d02113898a9e389f82e90c857947e4e1654486711a5d37125a7595dfa5ebe84c
                          • Instruction Fuzzy Hash: 4181F7B4E0520ACBCB44CFE6D5859AEBBB2FF99210F20942AD515F7314E7349A428F94
                          Function 00CFD3B4 Relevance: .3, Instructions: 264COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2056080720.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_cf0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5449cd64fd5e4d571b40ea6a12bb5755307db42fd857f27832b973bcedd798c7
                          • Instruction ID: 096e70be8bb6450c4af79cfbcb2d0e460a0781377794416ba7919d2cd9fa2b66
                          • Opcode Fuzzy Hash: 5449cd64fd5e4d571b40ea6a12bb5755307db42fd857f27832b973bcedd798c7
                          • Instruction Fuzzy Hash: 85A16E32E002198FCF05DFB5C8445EEBBB2FF85300B15857AEA16AB261DB31E916DB51
                          Function 0C7F2E50 Relevance: .1, Instructions: 138COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4adfe1dd09c544c642f5487947dbbdc5ed252f15a8bd6ad6ee0a9f528de67f1f
                          • Instruction ID: a53dffed888281d18c659d093e7dadc0f38c299f7c3a6a953f7c229ed5d0add1
                          • Opcode Fuzzy Hash: 4adfe1dd09c544c642f5487947dbbdc5ed252f15a8bd6ad6ee0a9f528de67f1f
                          • Instruction Fuzzy Hash: DC510974E112199FDB14CF9AD9806AEFBF2BF89300F24C1A9D508A7325D730AA41CF61
                          Function 0C7F2E34 Relevance: .1, Instructions: 138COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bd2f99e298fc74fc8f9a5d6b4354af5a96019432bcccdcda08d698fd017c6762
                          • Instruction ID: 79f105503bec96ac40f3c94b2b7a9b3bd6b174f763aaf99b31ca3138135f0185
                          • Opcode Fuzzy Hash: bd2f99e298fc74fc8f9a5d6b4354af5a96019432bcccdcda08d698fd017c6762
                          • Instruction Fuzzy Hash: F5510C74E156199FDB14CFA9C98069EFBF2BF89300F24C1AAD508A7326D7309A45CF61
                          Function 0C7F0007 Relevance: .1, Instructions: 125COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 30ae8f4ca7659639000b2e0b3e5e5fa2270382e80fecec798706579dfda31f4e
                          • Instruction ID: 84b3b9429ad2183b3102e971fec5bd65f467e5717b594e202dcd5a1331481696
                          • Opcode Fuzzy Hash: 30ae8f4ca7659639000b2e0b3e5e5fa2270382e80fecec798706579dfda31f4e
                          • Instruction Fuzzy Hash: 34516B71E056588FEB19CF6B8D4468AFBF3AFC9200F18C1BA854CAA265DB3449468F11
                          Function 0C7F6608 Relevance: .1, Instructions: 116COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c7796e4e2525e172e4147a31d64b5e68bfdb8478b43bfc38c2031a095fdbe967
                          • Instruction ID: 11472cc6db2c72760c303251b0f50870eb1c6748d7bfbcefef67d1e5352895d8
                          • Opcode Fuzzy Hash: c7796e4e2525e172e4147a31d64b5e68bfdb8478b43bfc38c2031a095fdbe967
                          • Instruction Fuzzy Hash: EA513F71E5161A8BDB28CF66C9447D9BBB2FFD9300F1082E6D50DA7614EB705A81DF40
                          Function 0C7F0040 Relevance: .1, Instructions: 106COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6d0b9140f23254c54f7fbee45c209ece946c9dae5a59272c23427c2f6d272a93
                          • Instruction ID: 36c006c698fe71375ae20425f6887df2fdd2279e49a2099007927781701c41fd
                          • Opcode Fuzzy Hash: 6d0b9140f23254c54f7fbee45c209ece946c9dae5a59272c23427c2f6d272a93
                          • Instruction Fuzzy Hash: F3414CB1E016188BEB18CF6B8D4469EFBF7AFC9300F14C1BA850CA6225DB7409868F51
                          Function 0C7F65FB Relevance: .1, Instructions: 103COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e81e830c97639a92cded5c4849d560d2270ee669ffb769e57d741e3627e272d6
                          • Instruction ID: 4e2a2af3f4ed80cfaba7c82138d01b507474ea7c3b2c37f1cb3d0911c6de6338
                          • Opcode Fuzzy Hash: e81e830c97639a92cded5c4849d560d2270ee669ffb769e57d741e3627e272d6
                          • Instruction Fuzzy Hash: F5412C71E1161A8BDB68CF66CD84799BBB2FFD9300F1082EAD50CA7614EB705E819F40
                          Function 0C7F65F9 Relevance: .1, Instructions: 91COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.2060291839.000000000C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C7F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_c7f0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b678166efed3b0864d4f0542d1d29764381c2437a711a9b695e86ec7b9e9623f
                          • Instruction ID: 2e275fa963464f610ee8711705ab708a0a80bd640d4428f88e9e4c4bed3869c2
                          • Opcode Fuzzy Hash: b678166efed3b0864d4f0542d1d29764381c2437a711a9b695e86ec7b9e9623f
                          • Instruction Fuzzy Hash: A8410C70E5161A8BDB68CF65C984799FBB2FFD9300F10C2EAD50CA7614EB705A819F40

                          Execution Graph

                          Execution Coverage:13.9%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:194
                          Total number of Limit Nodes:18
                          execution_graph 52803 6486548 52804 6486558 52803->52804 52807 64834d4 52804->52807 52808 64865a0 KiUserCallbackDispatcher 52807->52808 52810 648655f 52808->52810 52811 134d01c 52812 134d034 52811->52812 52813 134d08e 52812->52813 52819 162b238 52812->52819 52827 16268f0 52812->52827 52831 16268e0 52812->52831 52835 16247ac 52812->52835 52843 1626a7f 52812->52843 52822 162b275 52819->52822 52820 162b2a9 52862 162a16c 52820->52862 52822->52820 52823 162b299 52822->52823 52850 162b3c0 52823->52850 52856 162b3d0 52823->52856 52824 162b2a7 52828 1626916 52827->52828 52829 16247ac 3 API calls 52828->52829 52830 1626937 52829->52830 52830->52813 52832 16268f0 52831->52832 52833 16247ac 3 API calls 52832->52833 52834 1626937 52833->52834 52834->52813 52836 16247b7 52835->52836 52837 162b2a9 52836->52837 52840 162b299 52836->52840 52838 162a16c 3 API calls 52837->52838 52839 162b2a7 52838->52839 52841 162b3c0 3 API calls 52840->52841 52842 162b3d0 3 API calls 52840->52842 52841->52839 52842->52839 52844 1626a82 52843->52844 52846 1626a0d 52843->52846 52946 16232fc 52844->52946 52846->52813 52847 1626a89 52849 1626af7 52847->52849 52951 1623aec 52847->52951 52852 162b3d0 52850->52852 52851 162a16c 3 API calls 52851->52852 52852->52851 52853 162b4c7 52852->52853 52869 6486648 52852->52869 52874 6486642 52852->52874 52853->52824 52858 162b3de 52856->52858 52857 162a16c 3 API calls 52857->52858 52858->52857 52859 162b4c7 52858->52859 52860 6486648 2 API calls 52858->52860 52861 6486642 2 API calls 52858->52861 52859->52824 52860->52858 52861->52858 52863 162a177 52862->52863 52864 162b5e4 52863->52864 52865 162b53a 52863->52865 52867 16247ac 2 API calls 52864->52867 52866 162b592 CallWindowProcW 52865->52866 52868 162b541 52865->52868 52866->52868 52867->52868 52868->52824 52870 6486654 52869->52870 52871 6486873 52870->52871 52879 6486eba 52870->52879 52885 6486ec0 52870->52885 52871->52852 52876 6486648 52874->52876 52875 6486873 52875->52852 52876->52875 52877 6486eba 2 API calls 52876->52877 52878 6486ec0 2 API calls 52876->52878 52877->52876 52878->52876 52881 6486ec0 52879->52881 52880 6486edc 52880->52870 52881->52880 52891 6486f08 52881->52891 52905 6486f02 52881->52905 52882 6486ef1 52882->52870 52887 6486ec8 52885->52887 52886 6486edc 52886->52870 52887->52886 52889 6486f08 2 API calls 52887->52889 52890 6486f02 2 API calls 52887->52890 52888 6486ef1 52888->52870 52889->52888 52890->52888 52892 6486f1a 52891->52892 52893 6486f35 52892->52893 52895 6486f79 52892->52895 52899 6486f08 2 API calls 52893->52899 52900 6486f02 2 API calls 52893->52900 52894 6486f3b 52894->52882 52919 64870a8 52895->52919 52923 64870b8 52895->52923 52896 6486ff5 52898 6486ff9 52896->52898 52927 64871d0 52896->52927 52931 64871c0 52896->52931 52897 6487017 52897->52882 52898->52882 52899->52894 52900->52894 52906 6486f08 52905->52906 52907 6486f79 52906->52907 52908 6486f35 52906->52908 52912 64870a8 OleInitialize 52907->52912 52913 64870b8 OleInitialize 52907->52913 52914 6486f08 2 API calls 52908->52914 52915 6486f02 2 API calls 52908->52915 52909 6486ff5 52911 6486ff9 52909->52911 52916 64871c0 OleGetClipboard 52909->52916 52917 64871d0 OleGetClipboard 52909->52917 52910 6487017 52910->52882 52911->52882 52912->52909 52913->52909 52918 6486f3b 52914->52918 52915->52918 52916->52910 52917->52910 52918->52882 52920 64870b8 52919->52920 52935 6486a9c 52920->52935 52924 64870c0 52923->52924 52925 6486a9c OleInitialize 52924->52925 52926 64870c9 52925->52926 52926->52896 52929 64871e5 52927->52929 52930 648720b 52929->52930 52942 6486bc0 52929->52942 52930->52897 52932 64871d0 52931->52932 52933 6486bc0 OleGetClipboard 52932->52933 52934 648720b 52932->52934 52933->52932 52934->52897 52936 6486aa7 52935->52936 52938 64870c9 52936->52938 52939 6486aac 52936->52939 52938->52896 52940 6487130 OleInitialize 52939->52940 52941 6487194 52940->52941 52941->52938 52943 6487278 OleGetClipboard 52942->52943 52945 6487312 52943->52945 52948 1623307 52946->52948 52947 162512b 52947->52847 52948->52947 52955 1625320 52948->52955 52968 1625330 52948->52968 52952 1625690 GetModuleHandleW 52951->52952 52954 1625705 52952->52954 52954->52849 52956 1625345 52955->52956 52957 1623aec GetModuleHandleW 52956->52957 52958 162538a 52956->52958 52957->52958 52959 1623aec GetModuleHandleW 52958->52959 52967 1625556 52958->52967 52960 16254db 52959->52960 52961 16255b1 52960->52961 52964 1623aec GetModuleHandleW 52960->52964 52960->52967 52961->52947 52962 16256d8 GetModuleHandleW 52963 1625705 52962->52963 52963->52947 52965 1625529 52964->52965 52966 1623aec GetModuleHandleW 52965->52966 52965->52967 52966->52967 52967->52961 52967->52962 52969 1625345 52968->52969 52970 1623aec GetModuleHandleW 52969->52970 52971 162538a 52969->52971 52970->52971 52972 1623aec GetModuleHandleW 52971->52972 52980 1625556 52971->52980 52973 16254db 52972->52973 52974 16255b1 52973->52974 52977 1623aec GetModuleHandleW 52973->52977 52973->52980 52974->52947 52975 16256d8 GetModuleHandleW 52976 1625705 52975->52976 52976->52947 52978 1625529 52977->52978 52979 1623aec GetModuleHandleW 52978->52979 52978->52980 52979->52980 52980->52974 52980->52975 52981 16219a8 52982 16219d7 52981->52982 52985 1621714 52982->52985 52984 1621afc 52986 162171f 52985->52986 52987 1622062 52986->52987 52990 1624be0 52986->52990 53002 1624b89 52986->53002 52987->52984 52991 1624c0b 52990->52991 52992 16232fc 3 API calls 52991->52992 52993 1624c72 52992->52993 52999 16232fc 3 API calls 52993->52999 53014 1625111 52993->53014 52994 1624c8e 52995 1623aec GetModuleHandleW 52994->52995 52997 1624cba 52994->52997 52996 1624cfe 52995->52996 53020 16266c0 52996->53020 53027 16266e8 52996->53027 52999->52994 53003 1624b92 53002->53003 53003->52987 53004 16232fc 3 API calls 53003->53004 53005 1624c72 53004->53005 53010 1625111 3 API calls 53005->53010 53011 16232fc 3 API calls 53005->53011 53006 1624c8e 53007 1623aec GetModuleHandleW 53006->53007 53009 1624cba 53006->53009 53008 1624cfe 53007->53008 53012 16266c0 2 API calls 53008->53012 53013 16266e8 CreateWindowExW 53008->53013 53010->53006 53011->53006 53012->53009 53013->53009 53015 162512b 53014->53015 53016 162512f 53014->53016 53015->52994 53017 162526e 53016->53017 53018 1625320 2 API calls 53016->53018 53019 1625330 2 API calls 53016->53019 53018->53017 53019->53017 53021 1626726 CreateWindowExW 53020->53021 53022 16266ee 53020->53022 53026 162685c 53021->53026 53023 162671d 53022->53023 53030 1624784 53022->53030 53023->52997 53028 1624784 CreateWindowExW 53027->53028 53029 162671d 53028->53029 53029->52997 53031 1626738 CreateWindowExW 53030->53031 53033 162685c 53031->53033 53034 162a638 53035 162a68f DuplicateHandle 53034->53035 53036 162a6ce 53035->53036

                          Executed Functions

                          Function 015092E8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 148libraryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 896 15092e8-1509352 call 1508ee8 LdrInitializeThunk 905 1509358-1509372 896->905 906 150949b-15094b8 896->906 905->906 909 1509378-1509392 905->909 918 15094bd-15094c6 906->918 912 1509394-1509396 909->912 913 1509398 909->913 915 150939b-15093f6 call 1506884 912->915 913->915 925 15093f8-15093fa 915->925 926 15093fc 915->926 927 15093ff-1509499 call 1506884 925->927 926->927 927->918
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512261774.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1500000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: LRjq$LRjq
                          • API String ID: 2994545307-348097489
                          • Opcode ID: 4bf5d3d5fada28d4896988aac1824d0fa4635e5d95c3b024abb3b1f83f28ac7e
                          • Instruction ID: 06f3163603db4056cdfc966c437abc9414e736eca70184da75c0f64159b81748
                          • Opcode Fuzzy Hash: 4bf5d3d5fada28d4896988aac1824d0fa4635e5d95c3b024abb3b1f83f28ac7e
                          • Instruction Fuzzy Hash: 46518671A002069FCB05EFB8D994AAEB7F9FF85304F148969D4169F299DF34E804CB90
                          Function 014AB698 Relevance: 2.9, Instructions: 2881COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5f65755041044ed579a384c0861616c4483fa7602aa5b7a72e8ba1a371e1c439
                          • Instruction ID: 5ce1e3c1e7def2d655877d48df12c48b4a50075bbce50a887f8ee44251819027
                          • Opcode Fuzzy Hash: 5f65755041044ed579a384c0861616c4483fa7602aa5b7a72e8ba1a371e1c439
                          • Instruction Fuzzy Hash: 0063EB30D10B1A8ECB11EF68C994699F7B1FF99300F55D69AE45877221EB70AAC4CF81
                          Function 014AB697 Relevance: 2.8, Instructions: 2761COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a594f842080895e042bf22480f8d2870c3c336cfe9f8737e88abb20c7e6fc912
                          • Instruction ID: e4a0d1c3b899f1d3d03f713a83fb78d97fe510a1560bf0f5c71baaf897fe9234
                          • Opcode Fuzzy Hash: a594f842080895e042bf22480f8d2870c3c336cfe9f8737e88abb20c7e6fc912
                          • Instruction Fuzzy Hash: 5453EC30D10B1A8ECB11EF68C994699F7B1FF99300F55D69AE45877221EB70AAC4CF81
                          Function 01506890 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                          Download Yara Rule
                          APIs
                          • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 0150A2C3
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512261774.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1500000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: HookWindows
                          • String ID:
                          • API String ID: 2559412058-0
                          • Opcode ID: 9afc5df35f0d3ec2333acd5893c52e9b6e1dae8f502a8ebfdb506ef94ba8b5b6
                          • Instruction ID: 1011d3352994fe7697c299a4f0129b3ef6fb6a63807924555d5b8560d898e1fa
                          • Opcode Fuzzy Hash: 9afc5df35f0d3ec2333acd5893c52e9b6e1dae8f502a8ebfdb506ef94ba8b5b6
                          • Instruction Fuzzy Hash: B82127B59002599FDB14DF9AC844BEEFBF5FF88310F10842AE519A7290C775A944CFA0
                          Function 014A70C8 Relevance: .7, Instructions: 731COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 841e0e1c6d51473f699294f4ec6ed16dc1e75dcb45b078532ed50855137ac112
                          • Instruction ID: cb0766e759163bcafea3123abb61809863fc9793146a497682a4d0ccd9de49dc
                          • Opcode Fuzzy Hash: 841e0e1c6d51473f699294f4ec6ed16dc1e75dcb45b078532ed50855137ac112
                          • Instruction Fuzzy Hash: 3642BF34B002058FDB25EBB8D9547AE7BF6AF88311F11846AE506DB3A5DB36DC41CB90
                          Function 014AE720 Relevance: .3, Instructions: 318COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e2fe03249ba6398f42c19f92bca71549eb65af732d3601fb39b6b869c2b876fe
                          • Instruction ID: f3ab17d5ae4fe390e7742b04248c819028b955ccc308f1e1090521170ddea823
                          • Opcode Fuzzy Hash: e2fe03249ba6398f42c19f92bca71549eb65af732d3601fb39b6b869c2b876fe
                          • Instruction Fuzzy Hash: 89B1E831A002058FCB15CB6DC8A46AEBBE2FFD5320F5AC52AD529AB392C634DC45C764
                          Function 01509288 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 182libraryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 832 1509288-1509289 833 15092da-15092dd 832->833 834 150928b-1509295 832->834 835 150932e 833->835 836 15092df-15092e1 833->836 837 1509297-15092a7 834->837 838 15092cb 834->838 839 1509332-1509333 835->839 836->839 840 15092e3-150932d call 1508ee8 836->840 841 15092a9-15092b3 837->841 842 15092cc-15092d8 837->842 843 15092c0-15092c6 839->843 844 1509334-1509352 LdrInitializeThunk 839->844 840->844 846 15092b5-15092bc 841->846 847 15092c8-15092ca 841->847 842->833 843->847 853 1509358-1509372 844->853 854 150949b-15094b8 844->854 846->843 847->838 853->854 858 1509378-1509392 853->858 869 15094bd-15094c6 854->869 863 1509394-1509396 858->863 864 1509398 858->864 866 150939b-15093f6 call 1506884 863->866 864->866 876 15093f8-15093fa 866->876 877 15093fc 866->877 878 15093ff-1509499 call 1506884 876->878 877->878 878->869
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512261774.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1500000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: LRjq$LRjq
                          • API String ID: 2994545307-348097489
                          • Opcode ID: 69554b43dcb4fd41d59c47a73306e0d8b30b27d8c680da17fab573c1d4f29218
                          • Instruction ID: dcda156acf9834fa174b3bcd9c0484f0fc75374685c77bcefeed3e9948073a78
                          • Opcode Fuzzy Hash: 69554b43dcb4fd41d59c47a73306e0d8b30b27d8c680da17fab573c1d4f29218
                          • Instruction Fuzzy Hash: 4451D671A002069FCB05EFB8D994AAE7BF5FF85304F14896AD415DF29AEB34D804CB50
                          Function 01625330 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 292COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 945 1625330-1625356 948 16253a7-16253af 945->948 949 1625358-162536f 945->949 950 16253b1-16253b6 call 16246e0 948->950 951 16253f5-162543e call 16246ec 948->951 956 1625371-1625377 949->956 957 1625379 949->957 954 16253bb-16253f0 950->954 974 1625444-162548f 951->974 975 16255eb-162561d 951->975 968 1625492-1625494 954->968 958 162537f-1625385 call 1623aec 956->958 957->958 962 162538a-16253a1 call 16246d4 958->962 962->948 970 16255bd-16255e4 962->970 1036 1625497 call 1625938 968->1036 1037 1625497 call 1625929 968->1037 970->975 971 162549d-16254eb call 1623aec call 16246f8 998 16254f0-16254f4 971->998 974->968 992 1625624-1625668 975->992 1006 16256a4-16256d0 992->1006 1007 162566a-162567e 992->1007 999 16255b1-16255bc 998->999 1000 16254fa-1625507 998->1000 1003 16255ad-16255af 1000->1003 1004 162550d-162553a call 1623aec call 16246ec 1000->1004 1003->992 1003->999 1004->1003 1019 162553c-162554a 1004->1019 1009 16256d2-16256d5 1006->1009 1010 16256d8-1625703 GetModuleHandleW 1006->1010 1009->1010 1011 1625705-162570b 1010->1011 1012 162570c-1625720 1010->1012 1011->1012 1019->1003 1020 162554c-1625563 call 1623aec call 1624704 1019->1020 1025 1625570-162559f call 16246f8 1020->1025 1026 1625565-162556e call 16246f8 1020->1026 1025->1003 1034 16255a1-16255ab 1025->1034 1026->1003 1034->1003 1034->1025 1036->971 1037->971
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 016256F6
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512995930.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1620000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID: #"
                          • API String ID: 4139908857-2415436313
                          • Opcode ID: 60d85fc415df2932736739bcc46eae7cfbbac50579b4656efba303eea7d63ca1
                          • Instruction ID: 853681dddecef0d0db06bec7ccad3844a5fc05917f393c26160fbe3e1f09a507
                          • Opcode Fuzzy Hash: 60d85fc415df2932736739bcc46eae7cfbbac50579b4656efba303eea7d63ca1
                          • Instruction Fuzzy Hash: BFB15C70A00B169FCB24EF69D894AAEBBF6FF88310B108529D406DB755DB74E805CF94
                          Function 016266C0 Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                          Download Yara Rule
                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0162684A
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512995930.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1620000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0
                          • Opcode ID: 1c58131ec11e9d6f7453da927b96b46c5e794bc569dd4b0e4289fdef9c0e8bdb
                          • Instruction ID: 7a8c724b1ea3b0a8862cfb66e6a548c6e5200257fc0918b55e524d4e02b1df08
                          • Opcode Fuzzy Hash: 1c58131ec11e9d6f7453da927b96b46c5e794bc569dd4b0e4289fdef9c0e8bdb
                          • Instruction Fuzzy Hash: B8610EB1C00349AFDF06CFA9C984ADDBFB1BF49304F15816AE818AB221D7759995CF90
                          Function 01624784 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                          Download Yara Rule
                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0162684A
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512995930.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1620000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0
                          • Opcode ID: 632f8af9235e6e1727afb2cb712f8c2ca4c299001ba2b3879bcf06a16a6a707c
                          • Instruction ID: 4467136f9176ac92783d2a90952a35c590c139e7a31a0f0cdc02a1d7363ba808
                          • Opcode Fuzzy Hash: 632f8af9235e6e1727afb2cb712f8c2ca4c299001ba2b3879bcf06a16a6a707c
                          • Instruction Fuzzy Hash: C151CEB5D00319EFDB14CF9AC884ADEBFB5BF48300F24812AE819AB210D775A841CF90
                          Function 0162A16C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                          Download Yara Rule
                          APIs
                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 0162B5B9
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512995930.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1620000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: CallProcWindow
                          • String ID:
                          • API String ID: 2714655100-0
                          • Opcode ID: e60e8d3e819f136543da4bba979e3dbece41153b22515ec5ad6b1b039ac0e2c6
                          • Instruction ID: 0e5a5e1eaf032eece00a2ab69954703b78d04fd7caa7972abcd7546615a05779
                          • Opcode Fuzzy Hash: e60e8d3e819f136543da4bba979e3dbece41153b22515ec5ad6b1b039ac0e2c6
                          • Instruction Fuzzy Hash: 5D4115B59006198FDB14CF99C888AAABBF5FB88314F24C459E519AB321D735A841CFA0
                          Function 06486079 Relevance: 1.6, APIs: 1, Instructions: 86fileCOMMON
                          Download Yara Rule
                          APIs
                          • DeleteFileW.KERNELBASE(00000000), ref: 06486148
                          Memory Dump Source
                          • Source File: 00000003.00000002.4525109799.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6480000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: DeleteFile
                          • String ID:
                          • API String ID: 4033686569-0
                          • Opcode ID: 4b4d196f23be9028b44a1dec234c13367df237ebcabfca9dc4eb4e61947403b6
                          • Instruction ID: f3cf6e6f74a9883aad77206a72ae8596fd6fc557a4905d8cdc6fccb6ea52ad8c
                          • Opcode Fuzzy Hash: 4b4d196f23be9028b44a1dec234c13367df237ebcabfca9dc4eb4e61947403b6
                          • Instruction Fuzzy Hash: 4931AEB5D006098FDB10DFA9C8057AEBBF5EF09310F15C46AD818A7342D738A945CFA5
                          Function 0648726D Relevance: 1.6, APIs: 1, Instructions: 75comclipboardCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.4525109799.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6480000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: Clipboard
                          • String ID:
                          • API String ID: 220874293-0
                          • Opcode ID: c7de3bbaf2dfe13e68d302612dda2abe1b9dccac38eb056fd21ba39ee5f1ec79
                          • Instruction ID: 1cf295b72e2386a18c23b74a9e4168ab1f2ce11632020918785fa25a967d8a81
                          • Opcode Fuzzy Hash: c7de3bbaf2dfe13e68d302612dda2abe1b9dccac38eb056fd21ba39ee5f1ec79
                          • Instruction Fuzzy Hash: C1311FB0D01249DFDB10DF98C985BDDBBF1AF08304F24802AE408BB7A4D7B59845CB66
                          Function 06486BC0 Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.4525109799.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6480000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: Clipboard
                          • String ID:
                          • API String ID: 220874293-0
                          • Opcode ID: 6fbedce11b41b087b010967d8a89c0b90d019935b63c5f06a17aaaee20f2364e
                          • Instruction ID: 9b28ff3bb1b980bb95a4249144c62ecd2f5635d86be4a88eb00e18cb49c226a2
                          • Opcode Fuzzy Hash: 6fbedce11b41b087b010967d8a89c0b90d019935b63c5f06a17aaaee20f2364e
                          • Instruction Fuzzy Hash: E63120B0D01248DFDB10DF99C984BDEBBF5AF48304F24802AE404BB394D7B5A845CBA2
                          Function 0162A630 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                          Download Yara Rule
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0162A6BF
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512995930.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1620000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: 92a955821701aff6c65e316a8eb3dec1390cb2d830ba286b9927bf05179826a4
                          • Instruction ID: 1ecda1bb92eef5487536a8a8f16284f7c740ab4a5f58df40846043faa20b728d
                          • Opcode Fuzzy Hash: 92a955821701aff6c65e316a8eb3dec1390cb2d830ba286b9927bf05179826a4
                          • Instruction Fuzzy Hash: 6C2116B58002189FDB10CF9AD884AEEFFF8FB48314F14841AE918A3310D378A944CFA5
                          Function 0162A638 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                          Download Yara Rule
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0162A6BF
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512995930.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1620000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: 1f0f7cb3fc49f362d28484e0590112590e6d65d0b3cacdd9939bb3749a40d52e
                          • Instruction ID: 78b9ba3a6227de1407974b28fabc2a43019be24f1cf5089c478f4e59273b70bb
                          • Opcode Fuzzy Hash: 1f0f7cb3fc49f362d28484e0590112590e6d65d0b3cacdd9939bb3749a40d52e
                          • Instruction Fuzzy Hash: 2321F5B59002589FDB10CFAAD984ADEFFF9FB48310F14841AE918A3350D379A944CFA4
                          Function 0150A240 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                          Download Yara Rule
                          APIs
                          • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 0150A2C3
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512261774.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1500000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: HookWindows
                          • String ID:
                          • API String ID: 2559412058-0
                          • Opcode ID: aed98fd9fe29fcc58f2ac1ab2b9a52f726af7874076a27bf2f69f3fe4a14f633
                          • Instruction ID: 77e8eb5c7c44b3a3cb3ea16b5a79076e91c793fd79b7b5ab7d3060974f1412c2
                          • Opcode Fuzzy Hash: aed98fd9fe29fcc58f2ac1ab2b9a52f726af7874076a27bf2f69f3fe4a14f633
                          • Instruction Fuzzy Hash: E72104B5D002199FDB14CF99D844BEEBBF5FF88320F10842AD419A7254C779A944CFA0
                          Function 06483488 Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON
                          Download Yara Rule
                          APIs
                          • DeleteFileW.KERNELBASE(00000000), ref: 06486148
                          Memory Dump Source
                          • Source File: 00000003.00000002.4525109799.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6480000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: DeleteFile
                          • String ID:
                          • API String ID: 4033686569-0
                          • Opcode ID: 84e0c87b2418ff0badb26b4657b27286f946b11eeee80f8295a77d7e7f13ad27
                          • Instruction ID: 276535102f43089af4ff9678734bc11b787a7552a0052ec1b64bb0c0d3ef4e4b
                          • Opcode Fuzzy Hash: 84e0c87b2418ff0badb26b4657b27286f946b11eeee80f8295a77d7e7f13ad27
                          • Instruction Fuzzy Hash: E72130B5C0065A9FCB50DF9AC845BAEFBB4EB08324F11812AD818A7341D738A944CFE4
                          Function 01623AEC Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 016256F6
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512995930.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1620000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: c0a6ea504684161650b7f8fd6db066537d08ffc0de0d87468ffa2bdfc1b8ba98
                          • Instruction ID: 3f0553662c7f317a8eed2edbe907741dfa8ca5c7d02f730ecef093e679bdb60b
                          • Opcode Fuzzy Hash: c0a6ea504684161650b7f8fd6db066537d08ffc0de0d87468ffa2bdfc1b8ba98
                          • Instruction Fuzzy Hash: 6B11F0B5C007598FDB20DF9AD844BEEFBF4EB48220F10846AD91AB7610C379A545CFA5
                          Function 064834D4 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                          Download Yara Rule
                          APIs
                          • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,0648655F), ref: 064865FF
                          Memory Dump Source
                          • Source File: 00000003.00000002.4525109799.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6480000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: CallbackDispatcherUser
                          • String ID:
                          • API String ID: 2492992576-0
                          • Opcode ID: a517dc65afe2a1e4f49342218c37cc23541f7dc9176e9e2026e5dd628bcfe4d5
                          • Instruction ID: afabe1dee62488c4390513c2393a5fd07d561a96db9b3efb317cb1332efcf053
                          • Opcode Fuzzy Hash: a517dc65afe2a1e4f49342218c37cc23541f7dc9176e9e2026e5dd628bcfe4d5
                          • Instruction Fuzzy Hash: 7C1125B58002488FCB60EF9AC448B9EFBF4EB48314F20841AD519B7310D779A940CFA5
                          Function 01625688 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 016256F6
                          Memory Dump Source
                          • Source File: 00000003.00000002.4512995930.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_1620000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: 8baf3c746082987b1ac517ab7f4b3574c9378c580716b17f19936c7abc6864f0
                          • Instruction ID: e3d7178fc1b3734fbcb9394e6cd80323b3be28fc07c91800e414f09043dc2145
                          • Opcode Fuzzy Hash: 8baf3c746082987b1ac517ab7f4b3574c9378c580716b17f19936c7abc6864f0
                          • Instruction Fuzzy Hash: 381104B6C006598FDB20CF9AD944BEEFBF5AF48210F14845AD919B7710C379A545CFA0
                          Function 0648659A Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                          Download Yara Rule
                          APIs
                          • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,0648655F), ref: 064865FF
                          Memory Dump Source
                          • Source File: 00000003.00000002.4525109799.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6480000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: CallbackDispatcherUser
                          • String ID:
                          • API String ID: 2492992576-0
                          • Opcode ID: c10383e62fd607ba6e7372c1fd4d100082eede20aabfeefaaa26ed5b08d7130c
                          • Instruction ID: c376f8745ae04cf1761bf1f262fdb5dcbff7e8589eeabd59c30c176f6820e372
                          • Opcode Fuzzy Hash: c10383e62fd607ba6e7372c1fd4d100082eede20aabfeefaaa26ed5b08d7130c
                          • Instruction Fuzzy Hash: 051125B58002488FCB20DFAAC845BDEFBF4EB48314F20841AD519B7350C779A940CFA5
                          Function 06486AAC Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                          Download Yara Rule
                          APIs
                          • OleInitialize.OLE32(00000000), ref: 06487185
                          Memory Dump Source
                          • Source File: 00000003.00000002.4525109799.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6480000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: Initialize
                          • String ID:
                          • API String ID: 2538663250-0
                          • Opcode ID: 49f64ac90eb4c93ea448c56edbd840a11243f238bcb92669923c36759ea8789c
                          • Instruction ID: 9777b0ff179441407d5a23629ced2e4314243f74871aa21c326b3ecdc4da5dcc
                          • Opcode Fuzzy Hash: 49f64ac90eb4c93ea448c56edbd840a11243f238bcb92669923c36759ea8789c
                          • Instruction Fuzzy Hash: 741122B58002488FCB20DF9AC449B9EFFF4EB48214F20841AE518A7710D379A940CBA4
                          Function 06487128 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                          Download Yara Rule
                          APIs
                          • OleInitialize.OLE32(00000000), ref: 06487185
                          Memory Dump Source
                          • Source File: 00000003.00000002.4525109799.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6480000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID: Initialize
                          • String ID:
                          • API String ID: 2538663250-0
                          • Opcode ID: 97d1be4927853447de5aebc55ae9f548eeb5d15d406bb2de21c3fee67c69a54c
                          • Instruction ID: 96ab75a9667df7d3046de0dc5e1af49d06db8ca4afa9c2f55aa7cfb0aaccda8d
                          • Opcode Fuzzy Hash: 97d1be4927853447de5aebc55ae9f548eeb5d15d406bb2de21c3fee67c69a54c
                          • Instruction Fuzzy Hash: 7E1103B58003498FCB20DF9AC945BDEFBF4EB48324F24845AD519A7710C379A544CFA5
                          Function 014A0040 Relevance: 1.5, Strings: 1, Instructions: 208COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq
                          • API String ID: 0-3676250632
                          • Opcode ID: 7aa60d250017159a90d3ec7c32eeea253cf2253724bf809fde8b5df9b4f4b0fe
                          • Instruction ID: e841b4ff95e144f15aa29ae314ca7213e958464eff2b6362ba182d369615cc22
                          • Opcode Fuzzy Hash: 7aa60d250017159a90d3ec7c32eeea253cf2253724bf809fde8b5df9b4f4b0fe
                          • Instruction Fuzzy Hash: E161BD313142058FD704DF79D894AAB7BE9AF5925078644AAF91ACB372DB32EC41CB60
                          Function 014A8478 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHjq
                          • API String ID: 0-751881793
                          • Opcode ID: dc0f0503d01b5c07fa716d9c4608c5c1ac3662693863b8ddbad20b86386b7c75
                          • Instruction ID: 19ffe0f14e73ae29a302ff74d9dd977bad8f4ad639d0e23c30755fe37c5a44ae
                          • Opcode Fuzzy Hash: dc0f0503d01b5c07fa716d9c4608c5c1ac3662693863b8ddbad20b86386b7c75
                          • Instruction Fuzzy Hash: 9C319031B002058FCB199B78D55466FBAEAFF88701F558429D806EB3A8DF34EC05CB91
                          Function 014A8469 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHjq
                          • API String ID: 0-751881793
                          • Opcode ID: 242045c581f492ef0724a069c9fd9defbc5e5fc882f679456d76e8fc1b9fbcae
                          • Instruction ID: 3dfbdb37c437bd18e3cd9a83e3ad1008bf6ed7ea41385447e314cfc1e87c9496
                          • Opcode Fuzzy Hash: 242045c581f492ef0724a069c9fd9defbc5e5fc882f679456d76e8fc1b9fbcae
                          • Instruction Fuzzy Hash: C631AF31B002058FDB589B78D55866EBBA6FF88701F518429D406EB3A9DF70DC06CB90
                          Function 014A8718 Relevance: .7, Instructions: 656COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3842f3f8789db36ece75a92202e3f657255b88ea7d2ad08612a59fdb882ec820
                          • Instruction ID: 4dc8640230c302c65875754178565358fc6cd7fb216313571013ac5b3ea0c7a3
                          • Opcode Fuzzy Hash: 3842f3f8789db36ece75a92202e3f657255b88ea7d2ad08612a59fdb882ec820
                          • Instruction Fuzzy Hash: C9424B34A00209CFDB64DF68C484A9EBBB2FB59315F95846AE409DB366DB35DC81CF80
                          Function 014A7F89 Relevance: .4, Instructions: 423COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 11067562b2599abe737f07e582f293d1b1dc95401278d6ada626f83ddb52bc56
                          • Instruction ID: a7aadf751e1ff1a18a0c7c5a7e1a04a18fd36356e175aef351a5d46e945f9307
                          • Opcode Fuzzy Hash: 11067562b2599abe737f07e582f293d1b1dc95401278d6ada626f83ddb52bc56
                          • Instruction Fuzzy Hash: 56E190307197864FD35697788C15AA73BF29B92305F5680F7E144CB2A3EA39DC06CB62
                          Function 014A8EA0 Relevance: .4, Instructions: 377COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b444503c4352d11003b9e34a431e615a9610a5e154ce91279ef198dc318cd28e
                          • Instruction ID: f57d3c10a69f5ce573d444f64b88da275144940e508177b59c168354a150a22f
                          • Opcode Fuzzy Hash: b444503c4352d11003b9e34a431e615a9610a5e154ce91279ef198dc318cd28e
                          • Instruction Fuzzy Hash: D9E17C30A00214CFC724EF68C558A5EBBF6EF98319F95986AE4069B3A4DB75EC41CF40
                          Function 014A17D8 Relevance: .2, Instructions: 227COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c7be67e69d966246759661e859eb22de06b5a814f98914d2bba08286168d971e
                          • Instruction ID: 709acc15450d62e0e2facd1ad33ab0fbf6c9e9c59c1404150332839f0114447c
                          • Opcode Fuzzy Hash: c7be67e69d966246759661e859eb22de06b5a814f98914d2bba08286168d971e
                          • Instruction Fuzzy Hash: 07916D35A00215DFCB15CF69C884AAEBBB9FF64710F46846AE9199B372D730EC41CB90
                          Function 014AB318 Relevance: .2, Instructions: 169COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bfc93b3329cc1663c7c6c62e4fc234ae08435a63430bb79e45542118826ec417
                          • Instruction ID: 4d0e75f1f7ac8b2576046079e8f3649a65fdd6b8a0f10e2bce8aba9e91c7a26d
                          • Opcode Fuzzy Hash: bfc93b3329cc1663c7c6c62e4fc234ae08435a63430bb79e45542118826ec417
                          • Instruction Fuzzy Hash: 6151E430B002048BDB25CB2DC54475EBBA2EF95308F65C2AAD40D9F7AAD776D845C751
                          Function 014A7020 Relevance: .1, Instructions: 142COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: efd4cfe1853ba2818369fd3c9861062ab8ee6a1ca97ca459e9c6685005d3fdcd
                          • Instruction ID: f2c4c8f2738853fac0811eea6fcfcfe65a92888ed36d397d7619912906f8b525
                          • Opcode Fuzzy Hash: efd4cfe1853ba2818369fd3c9861062ab8ee6a1ca97ca459e9c6685005d3fdcd
                          • Instruction Fuzzy Hash: 7A4125B0C483488FCB66CF69D4954D9BFB0FF15334B5582AFD9009B222E3765845CBA0
                          Function 014AB219 Relevance: .1, Instructions: 131COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b79994fe6bb7e8f0e5a3b91891271142d34265d5fd388cab83a5099a095ac0ee
                          • Instruction ID: 07a75833ab9d1ac3a4251dbcb3187c4771e6022b4b61f4e73ad2c6390a1d6231
                          • Opcode Fuzzy Hash: b79994fe6bb7e8f0e5a3b91891271142d34265d5fd388cab83a5099a095ac0ee
                          • Instruction Fuzzy Hash: 9A417130A493814FD756872C886566A7FA19F93304F6AC1FBD048CF6A7D679C80AC752
                          Function 014A7D71 Relevance: .1, Instructions: 129COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0401c1549d2292e6b2aa3bf2fad8c82b1fe82756284d0a412eb2e9ee867f5c99
                          • Instruction ID: a5fb5aa8c713fb23ef91344e447e836680e7527b02a13055a2e4c118cb91a011
                          • Opcode Fuzzy Hash: 0401c1549d2292e6b2aa3bf2fad8c82b1fe82756284d0a412eb2e9ee867f5c99
                          • Instruction Fuzzy Hash: 2A516978E11249CFCB85EFA4E99899DBBB9FF48300F504566D405A736CDB34A909CF50
                          Function 014A7D80 Relevance: .1, Instructions: 125COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: dbb8f3d142993bec5a59c9a87994cee12862f1aa6cb57977eb901762a59672fe
                          • Instruction ID: db4a654680d0f404caefaed2231ed5b83afd2985a566729d27fa589c03604280
                          • Opcode Fuzzy Hash: dbb8f3d142993bec5a59c9a87994cee12862f1aa6cb57977eb901762a59672fe
                          • Instruction Fuzzy Hash: C5515878E112498FCF84EFA4E99899DBBB9FF48300F508566D405A736CDB34A909CF90
                          Function 014AA282 Relevance: .1, Instructions: 119COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c132828c97f5c458fddd1d0d80aa1ac81924f2aa01ada0a7cbe0f910230423b4
                          • Instruction ID: 050f7b1fe0f83096f94a9b14aa13209125c29ca9d0eda0634c40249e0e5e3e3d
                          • Opcode Fuzzy Hash: c132828c97f5c458fddd1d0d80aa1ac81924f2aa01ada0a7cbe0f910230423b4
                          • Instruction Fuzzy Hash: FC41E335F042518FCB62DFB898446AE7BF5AF58350F11806BD505EB365EB359C02CBA1
                          Function 014A79D1 Relevance: .1, Instructions: 97COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: edb030aa5e7e0f64bb6681b5b6524fde6a0b4a0b0c73a760f83ada08bbe59d44
                          • Instruction ID: 9da6adb36e1abde3de390292408a63a8738585454e1ca0eabf1cc2215ffb1b91
                          • Opcode Fuzzy Hash: edb030aa5e7e0f64bb6681b5b6524fde6a0b4a0b0c73a760f83ada08bbe59d44
                          • Instruction Fuzzy Hash: 3A3128357093448FD71297B898286A73BB69B85301F1544FBD109CB397EA39DC06C751
                          Function 014AA2E0 Relevance: .1, Instructions: 93COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9fe04039ba4b509223f15ed6a6d2730bc0b9085887cdf63a694f83ce642d0e1f
                          • Instruction ID: 2ddfaa1d7685ab7b05cd638a98a92eb666e3f36246e5e40bfc73d5adba03ffe3
                          • Opcode Fuzzy Hash: 9fe04039ba4b509223f15ed6a6d2730bc0b9085887cdf63a694f83ce642d0e1f
                          • Instruction Fuzzy Hash: A231E031F002168FCF21ABB999446AE7BE6EF98340F11842AD905EB358EF74DC41CB95
                          Function 014AA15E Relevance: .1, Instructions: 89COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 36ecb4857a6c5f016212e7edda6dc3c787a448c059bda7f32a452655139a6991
                          • Instruction ID: f964a0cf4b5aadc7301c262a97ad5b056407826032289dc28fd2c0acc8d2b867
                          • Opcode Fuzzy Hash: 36ecb4857a6c5f016212e7edda6dc3c787a448c059bda7f32a452655139a6991
                          • Instruction Fuzzy Hash: B031C274B002069FDB51DB6CC8545AA7BF1EFA9310B92806BD004D7365EA359C06CB91
                          Function 0134D01C Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4508886581.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_134d000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 026c121b0d7879e82ad3eaf1d576d26f07b3e35c9cdf8f3a206430649dfdd0d0
                          • Instruction ID: f6601778b081d1e4955188188f63b63e65673864839a1127544e5b659ef8c1d7
                          • Opcode Fuzzy Hash: 026c121b0d7879e82ad3eaf1d576d26f07b3e35c9cdf8f3a206430649dfdd0d0
                          • Instruction Fuzzy Hash: 7B210471604204DFDB15DFA8D9C4B26BFA9FB98358F20C56DD90A4B356C33AE407CA61
                          Function 014AB4E8 Relevance: .1, Instructions: 71COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 98719d600ffc7abc1ef2d8fb8935113d9c0b6f31c4f7e6b9b687c52d21a5bd08
                          • Instruction ID: 6fc427f6d60a11546dbb835dfe1912b703f661d27d13abfb9f53647cdb1f4e2b
                          • Opcode Fuzzy Hash: 98719d600ffc7abc1ef2d8fb8935113d9c0b6f31c4f7e6b9b687c52d21a5bd08
                          • Instruction Fuzzy Hash: 1321A470B002158FDB18DB69C518BAE7AE6EF98718F65816AE501EB3B0DA718C008B90
                          Function 014AB4E7 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 103e6b7c6fef01294b6bb6df58a33df265b1c2166fd37271dc2220c565b28835
                          • Instruction ID: 90dc1eb1248206eb22207fed7db8462a5b8f0e8b72d9fab3c0a361830aa0bbc9
                          • Opcode Fuzzy Hash: 103e6b7c6fef01294b6bb6df58a33df265b1c2166fd37271dc2220c565b28835
                          • Instruction Fuzzy Hash: 4221A571B102158FDB08DB69C518BAE7BF6FF98714F55816AE501EB3B0DB718D008B50
                          Function 014A940A Relevance: .1, Instructions: 65COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 702b6678e50b6ad899293d24e2b0eb1d754e3bfc0cdbe580524b6def0310d223
                          • Instruction ID: 5f28e7ca075c1101037f3441e3384672f9f6db3016f7783f533530119e99d4d1
                          • Opcode Fuzzy Hash: 702b6678e50b6ad899293d24e2b0eb1d754e3bfc0cdbe580524b6def0310d223
                          • Instruction Fuzzy Hash: 11110138B042099FC745EB6CCC44AAF77E2ABE8324B45C077D109CB369EA34DC018752
                          Function 014AB317 Relevance: .1, Instructions: 64COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e03fe335ba38acd5a7d35b93a212614947405e5f19c4f22cd3120f7e34611a1a
                          • Instruction ID: f6c2af21f96f32ad44b1c954681f463af732938c9e36cf822d25d92795452081
                          • Opcode Fuzzy Hash: e03fe335ba38acd5a7d35b93a212614947405e5f19c4f22cd3120f7e34611a1a
                          • Instruction Fuzzy Hash: 17219630B4424049DB36861C828535E6F86DFA3608F69D6BBD05D4EB9FC777D84A8353
                          Function 014A7A80 Relevance: .1, Instructions: 64COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c490fce36085b0f38f2486dd077e0f81ab2a7085b84f8fd358f2733da0ab4a6a
                          • Instruction ID: a3bff1f0010a03a72f6f96f88fb834384c1259d3dbdf957cfd2f31dd12158255
                          • Opcode Fuzzy Hash: c490fce36085b0f38f2486dd077e0f81ab2a7085b84f8fd358f2733da0ab4a6a
                          • Instruction Fuzzy Hash: E611B635B001194BCF25ABB8982859E76E6EFC8315B414579D507E7394EF399C028BD1
                          Function 0134D006 Relevance: .1, Instructions: 63COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4508886581.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_134d000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 41c5e2838b51bfe4124a8a89f626edf02eb46bdf17715f86452ca01b0555435d
                          • Instruction ID: 11c90171468d5308e39e376891274329945f44a52895c82eded5d3315dd9c71e
                          • Opcode Fuzzy Hash: 41c5e2838b51bfe4124a8a89f626edf02eb46bdf17715f86452ca01b0555435d
                          • Instruction Fuzzy Hash: 752180755083809FCB03CF54D994711BFB1EB56214F28C5DAD8498F2A7C33A980ACB62
                          Function 014AB130 Relevance: .1, Instructions: 63COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: df27381a8d0a87ce42b1b228512607bf952cd3f3d8993f5f6eb1373304deb643
                          • Instruction ID: 2c4eff96b87eabbc02adc1f68a7d8b6e14a72b088382669e97d273101c9de326
                          • Opcode Fuzzy Hash: df27381a8d0a87ce42b1b228512607bf952cd3f3d8993f5f6eb1373304deb643
                          • Instruction Fuzzy Hash: F111D074F043558FC752ABB8880826E3BE6DF45350B5580BBD118DB7A6EA34CD02CB91
                          Function 014A70B8 Relevance: .1, Instructions: 59COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 312ec7524e16f3f3a6e53dda7ce0fe7c49f225191f16356fa99188be0eee1c05
                          • Instruction ID: bcbaa1e265c4b4961188260afe1c04b2fe56236ddd2191eedbaa12fa28630c3c
                          • Opcode Fuzzy Hash: 312ec7524e16f3f3a6e53dda7ce0fe7c49f225191f16356fa99188be0eee1c05
                          • Instruction Fuzzy Hash: 85216D70E002098FCB54DFA8E6855AEFBF2FF98311F15912AD908A7211E7319981CB95
                          Function 014A19A0 Relevance: .1, Instructions: 58COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e5dd22ebb44c2ff6635969b5009895707e6cdd0f73052bca88881b002e06073e
                          • Instruction ID: abb014e37bab32641a7b42ca0eef12466493661e7cdaecbd3da43306f6e3fd9e
                          • Opcode Fuzzy Hash: e5dd22ebb44c2ff6635969b5009895707e6cdd0f73052bca88881b002e06073e
                          • Instruction Fuzzy Hash: 13116D71A0025A9FCB00DFA9D8445AFBBF9FB58311F51842AE515E7350E7748901CBA1
                          Function 014AA1C0 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3ce2a10d53ba7467d7c66ddeee0aadf664b83a4d422b7c4f0014472e2b756424
                          • Instruction ID: 9c270033563aed99e55004c4042b5b041b7c82c967c5241a4d133ca35d64693e
                          • Opcode Fuzzy Hash: 3ce2a10d53ba7467d7c66ddeee0aadf664b83a4d422b7c4f0014472e2b756424
                          • Instruction Fuzzy Hash: 84115275F001169FCB50EBBDD85499EB7F5EB98611B51802AD409E7324EF349D028B91
                          Function 014A9460 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e6a4daa203a3bc2e1b0f792acf3eb472149d65991d4efdd9ca9a103fbc37f382
                          • Instruction ID: 117290e4c828cb7406a5fe567c612683262a58f4e598ddfee455126ab8741fc4
                          • Opcode Fuzzy Hash: e6a4daa203a3bc2e1b0f792acf3eb472149d65991d4efdd9ca9a103fbc37f382
                          • Instruction Fuzzy Hash: D8113C74F0011A8FCB50EFBDD85099EB7F5FB98615B50803AD009E7368EB349D028B90
                          Function 014A9340 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 41e9b1dc033dbd183b37052a71b78585524c089994c7d34b2a3f1546d7f78279
                          • Instruction ID: c2d6df0a002a4cff1480f115a3092ab94827549ce21fb5f8f7d1309ba9df16c1
                          • Opcode Fuzzy Hash: 41e9b1dc033dbd183b37052a71b78585524c089994c7d34b2a3f1546d7f78279
                          • Instruction Fuzzy Hash: CB115E75F0012A8FCB90EF7DD8549AEB7F5FB98611B41802AD109E7368EF349D028B90
                          Function 014A83A8 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9a16dceb5469c01c2cde84e4b29232699b925b2f62076a4e5ddc5f6f38c6d0f6
                          • Instruction ID: 55ed0e4aaeeee17862a98369c74571c561ff8e949ba3dd44865c3df14beb76cd
                          • Opcode Fuzzy Hash: 9a16dceb5469c01c2cde84e4b29232699b925b2f62076a4e5ddc5f6f38c6d0f6
                          • Instruction Fuzzy Hash: D011EF39B002199FCB64EFBDE85499EBBF5FB88611B10952AE409D3354EF349D02CB91
                          Function 014AB190 Relevance: .0, Instructions: 33COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3bb0bd235510303485e85bedb9baa41df64a46e90e4214e594acf5868d629165
                          • Instruction ID: f421644ccca7e1551d080d9bbed7ddcf2aa175df8719845b681cdf5253c259ed
                          • Opcode Fuzzy Hash: 3bb0bd235510303485e85bedb9baa41df64a46e90e4214e594acf5868d629165
                          • Instruction Fuzzy Hash: 83F08275F001195FCB90ABB954081AF7AF9DB98251F45047AD509E3304EE349E0287D1
                          Function 014A6BF0 Relevance: .0, Instructions: 32COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 372c9e9806f338bf1713f49e96729c65dd7506e72cce90752ede1cbb79e6c3a5
                          • Instruction ID: e2784ab9b41950d64f1fe74db1851d4df57fd8e657f90cff0a3a23755c41f731
                          • Opcode Fuzzy Hash: 372c9e9806f338bf1713f49e96729c65dd7506e72cce90752ede1cbb79e6c3a5
                          • Instruction Fuzzy Hash: 8FF0A7B6E102158FC7909BAC994A1EE7BF8EAC82317154577D50AE3610EB308A028BD1
                          Function 014A8409 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a9b1a880f97dddc98d49b658ea8aa052ad0fa0e12cb4a57b337c512b53dd9fc7
                          • Instruction ID: 67e068de2a031593f58b991c38730448376a3254bc314215e78500c0466b2082
                          • Opcode Fuzzy Hash: a9b1a880f97dddc98d49b658ea8aa052ad0fa0e12cb4a57b337c512b53dd9fc7
                          • Instruction Fuzzy Hash: D1E0C939B001299BCF64EBF8E85889DB7F6FF98221B109436E509D3364EE349C01CB91
                          Function 014A6C00 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2cf4c49820b82bea58ae81c3564c95fee5e61b9809cc8ef2b4d9e47faeacbe93
                          • Instruction ID: a8d678e1967f0f2999cedb443be784ca22e1a89e8b20cc2f59830d7c66b678c0
                          • Opcode Fuzzy Hash: 2cf4c49820b82bea58ae81c3564c95fee5e61b9809cc8ef2b4d9e47faeacbe93
                          • Instruction Fuzzy Hash: 05E01276E001299F87509BAD98055AFBFFDEA8D221B054476E51ED3300EA304A018BD1
                          Function 014A94BF Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5f1df134806b69fc276f2dd8d2269a45359484e1495cbc398af656b8de99edcf
                          • Instruction ID: 35267dd643aa5906689e45792678b0b08a11df86fce9c9c3c89874c57b816640
                          • Opcode Fuzzy Hash: 5f1df134806b69fc276f2dd8d2269a45359484e1495cbc398af656b8de99edcf
                          • Instruction Fuzzy Hash: B3E0ED35B1002A8BCF44FBFCD85489DB3E6EFE8265751803AD505E7264EE349C118B51
                          Function 014A939F Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1be403a60a04c4aedf2ab31caaf712bf0a7e837fca314fbbcbbe5904f6eba9f1
                          • Instruction ID: 06533a226e588fe5df0323814ea119f4c5c039ca4180e87c25018e86b3611337
                          • Opcode Fuzzy Hash: 1be403a60a04c4aedf2ab31caaf712bf0a7e837fca314fbbcbbe5904f6eba9f1
                          • Instruction Fuzzy Hash: 41E0ED35B0002A8BCF44FBBCD85489DB3F6EFE8661751803AD505E7264EE349C118B51
                          Function 014AA21F Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a8a272beb4d02086075e401fb83b612d29b80ae55afd7c76d4380b5e3b286582
                          • Instruction ID: 17408cd6c546fd3c9287b6ddd23ba19201d818dbb872646feea178d729f96fcf
                          • Opcode Fuzzy Hash: a8a272beb4d02086075e401fb83b612d29b80ae55afd7c76d4380b5e3b286582
                          • Instruction Fuzzy Hash: 56E0C975B0002A9B8F44EBF8D85489DB3A6EBE8661751802AD505E7724EE349D118BA1
                          Function 014A44F9 Relevance: .0, Instructions: 17COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.4511494043.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_14a0000_Urunla 0010_Fiyat Talap Teklif ID56313.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e14250013a9f4b06995924f787be9a28ce8bfbb4f987344e4796d18d7cf8f070
                          • Instruction ID: 34582918b74d14fd83ca760ad08c578abe7065302a44fd511f50d067f960f0ff
                          • Opcode Fuzzy Hash: e14250013a9f4b06995924f787be9a28ce8bfbb4f987344e4796d18d7cf8f070
                          • Instruction Fuzzy Hash: 9DD0EC79B042188FCB68DBB5F8981ADBB76FBC8311F55906AE50AA3144CF3159068F00

                          Execution Graph

                          Execution Coverage:8.8%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:125
                          Total number of Limit Nodes:12
                          execution_graph 20443 ce42144 20444 ce42147 20443->20444 20445 ce4210e 20443->20445 20445->20443 20446 ce42840 VirtualProtect 20445->20446 20447 ce4283f VirtualProtect 20445->20447 20446->20445 20447->20445 20404 2f3aab0 20408 2f3aba8 20404->20408 20413 2f3ab98 20404->20413 20405 2f3aabf 20409 2f3abdc 20408->20409 20410 2f3abb9 20408->20410 20409->20405 20410->20409 20411 2f3ade0 GetModuleHandleW 20410->20411 20412 2f3ae0d 20411->20412 20412->20405 20414 2f3abb9 20413->20414 20415 2f3abdc 20413->20415 20414->20415 20416 2f3ade0 GetModuleHandleW 20414->20416 20415->20405 20417 2f3ae0d 20416->20417 20417->20405 20448 2f3d490 DuplicateHandle 20449 2f3d526 20448->20449 20418 ce4072f 20422 ce42840 20418->20422 20425 ce4283f 20418->20425 20419 ce40743 20423 ce42888 VirtualProtect 20422->20423 20424 ce428c2 20423->20424 20424->20419 20426 ce42888 VirtualProtect 20425->20426 20427 ce428c2 20426->20427 20427->20419 20428 ce48928 20429 ce48969 ResumeThread 20428->20429 20430 ce48996 20429->20430 20458 ce4a908 CloseHandle 20459 ce4a96f 20458->20459 20460 2f3ce40 20461 2f3ce86 GetCurrentProcess 20460->20461 20463 2f3ced1 20461->20463 20464 2f3ced8 GetCurrentThread 20461->20464 20463->20464 20465 2f3cf15 GetCurrentProcess 20464->20465 20466 2f3cf0e 20464->20466 20467 2f3cf4b 20465->20467 20466->20465 20468 2f3cf73 GetCurrentThreadId 20467->20468 20469 2f3cfa4 20468->20469 20470 ce403d2 20472 ce42840 VirtualProtect 20470->20472 20473 ce4283f VirtualProtect 20470->20473 20471 ce403e6 20472->20471 20473->20471 20435 ce48538 20436 ce48580 Wow64SetThreadContext 20435->20436 20438 ce485be 20436->20438 20474 ce49098 20475 ce49223 20474->20475 20476 ce490be 20474->20476 20476->20475 20479 ce49311 20476->20479 20482 ce49318 PostMessageW 20476->20482 20480 ce49318 PostMessageW 20479->20480 20481 ce49384 20480->20481 20481->20476 20483 ce49384 20482->20483 20483->20476 20484 ce458db 20489 ce45f70 20484->20489 20494 ce45f5f 20484->20494 20500 ce45f6f 20484->20500 20485 ce458f2 20490 ce45f8d 20489->20490 20505 ce46307 20490->20505 20514 ce46308 20490->20514 20491 ce45fb0 20491->20485 20495 ce45fa6 20494->20495 20496 ce45f63 20494->20496 20497 ce45fb0 20495->20497 20498 ce46307 8 API calls 20495->20498 20499 ce46308 8 API calls 20495->20499 20496->20485 20497->20485 20498->20497 20499->20497 20501 ce45f8d 20500->20501 20503 ce46307 8 API calls 20501->20503 20504 ce46308 8 API calls 20501->20504 20502 ce45fb0 20502->20485 20503->20502 20504->20502 20506 ce4632f 20505->20506 20507 ce463c2 20506->20507 20523 ce473ae 20506->20523 20528 ce46852 20506->20528 20532 ce46ae0 20506->20532 20536 ce474e7 20506->20536 20541 ce46dd4 20506->20541 20545 ce467e8 20506->20545 20507->20491 20515 ce4632f 20514->20515 20516 ce463c2 20515->20516 20517 ce46dd4 2 API calls 20515->20517 20518 ce474e7 2 API calls 20515->20518 20519 ce46ae0 2 API calls 20515->20519 20520 ce46852 2 API calls 20515->20520 20521 ce473ae 2 API calls 20515->20521 20522 ce467e8 2 API calls 20515->20522 20516->20491 20517->20515 20518->20515 20519->20515 20520->20515 20521->20515 20522->20515 20524 ce473bf 20523->20524 20549 ce485f0 20524->20549 20553 ce485f8 20524->20553 20525 ce473d7 20556 ce47b37 20528->20556 20560 ce47b38 20528->20560 20564 ce48770 20532->20564 20568 ce48768 20532->20568 20533 ce46b04 20537 ce474f0 20536->20537 20539 ce48770 WriteProcessMemory 20537->20539 20540 ce48768 WriteProcessMemory 20537->20540 20538 ce4751c 20539->20538 20540->20538 20572 ce486c8 20541->20572 20575 ce486c0 20541->20575 20542 ce46dee 20547 ce48770 WriteProcessMemory 20545->20547 20548 ce48768 WriteProcessMemory 20545->20548 20546 ce4668e 20546->20506 20547->20546 20548->20546 20550 ce485f8 ReadProcessMemory 20549->20550 20552 ce48686 20550->20552 20552->20525 20554 ce48643 ReadProcessMemory 20553->20554 20555 ce48686 20554->20555 20555->20525 20557 ce47bb7 CreateProcessW 20556->20557 20559 ce47ca0 20557->20559 20561 ce47bb7 CreateProcessW 20560->20561 20563 ce47ca0 20561->20563 20563->20563 20565 ce487bb WriteProcessMemory 20564->20565 20567 ce4880c 20565->20567 20567->20533 20569 ce487bb WriteProcessMemory 20568->20569 20571 ce4880c 20569->20571 20571->20533 20573 ce4870b VirtualAllocEx 20572->20573 20574 ce48742 20573->20574 20574->20542 20576 ce4870b VirtualAllocEx 20575->20576 20577 ce48742 20576->20577 20577->20542

                          Executed Functions

                          Function 02F3CE30 Relevance: 6.1, APIs: 4, Instructions: 138threadCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 526 2f3ce30-2f3cecf GetCurrentProcess 530 2f3ced1-2f3ced7 526->530 531 2f3ced8-2f3cf0c GetCurrentThread 526->531 530->531 532 2f3cf15-2f3cf49 GetCurrentProcess 531->532 533 2f3cf0e-2f3cf14 531->533 535 2f3cf52-2f3cf6d call 2f3d419 532->535 536 2f3cf4b-2f3cf51 532->536 533->532 539 2f3cf73-2f3cfa2 GetCurrentThreadId 535->539 536->535 540 2f3cfa4-2f3cfaa 539->540 541 2f3cfab-2f3d00d 539->541 540->541
                          APIs
                          • GetCurrentProcess.KERNEL32 ref: 02F3CEBE
                          • GetCurrentThread.KERNEL32 ref: 02F3CEFB
                          • GetCurrentProcess.KERNEL32 ref: 02F3CF38
                          • GetCurrentThreadId.KERNEL32 ref: 02F3CF91
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339658248.0000000002F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2f30000_kmk.jbxd
                          Similarity
                          • API ID: Current$ProcessThread
                          • String ID:
                          • API String ID: 2063062207-0
                          • Opcode ID: 5125d613203a6e8ede4eee993a52274b9c68db9e4c23f339a4400c28e87a402e
                          • Instruction ID: 77ca0c2ab4620c31eae7a70e8438cfc3ceb7563cc25528ef45a622c7f756de5a
                          • Opcode Fuzzy Hash: 5125d613203a6e8ede4eee993a52274b9c68db9e4c23f339a4400c28e87a402e
                          • Instruction Fuzzy Hash: 5E5165B09012498FDB14DFA9D549BEEBBF1FF88304F20845AE509A7360D738A944CF61
                          Function 02F3CE40 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 548 2f3ce40-2f3cecf GetCurrentProcess 552 2f3ced1-2f3ced7 548->552 553 2f3ced8-2f3cf0c GetCurrentThread 548->553 552->553 554 2f3cf15-2f3cf49 GetCurrentProcess 553->554 555 2f3cf0e-2f3cf14 553->555 557 2f3cf52-2f3cf6d call 2f3d419 554->557 558 2f3cf4b-2f3cf51 554->558 555->554 561 2f3cf73-2f3cfa2 GetCurrentThreadId 557->561 558->557 562 2f3cfa4-2f3cfaa 561->562 563 2f3cfab-2f3d00d 561->563 562->563
                          APIs
                          • GetCurrentProcess.KERNEL32 ref: 02F3CEBE
                          • GetCurrentThread.KERNEL32 ref: 02F3CEFB
                          • GetCurrentProcess.KERNEL32 ref: 02F3CF38
                          • GetCurrentThreadId.KERNEL32 ref: 02F3CF91
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339658248.0000000002F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2f30000_kmk.jbxd
                          Similarity
                          • API ID: Current$ProcessThread
                          • String ID:
                          • API String ID: 2063062207-0
                          • Opcode ID: 3440a9facc5e9bbbf34ea76798c0b4f8e0816694dcb135ba2affe9e98d63d3a6
                          • Instruction ID: 304044a18eb63b6f2bbb17a016e23b36714fd4f808ea274c35e1c198b7bf8de3
                          • Opcode Fuzzy Hash: 3440a9facc5e9bbbf34ea76798c0b4f8e0816694dcb135ba2affe9e98d63d3a6
                          • Instruction Fuzzy Hash: 245154B09113498FDB14DFAAD548BAEBBF5EF48304F20C45AE509A7360D738A944CF65
                          Function 0CE48768 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66injectionCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 570 ce48768-ce487c1 572 ce487d1-ce4880a WriteProcessMemory 570->572 573 ce487c3-ce487cf 570->573 574 ce48813-ce48834 572->574 575 ce4880c-ce48812 572->575 573->572 575->574
                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0CE487FD
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-3916222277
                          • Opcode ID: c8ba360b8bf4172daa4e477b576163d4d0fa93f16c91801c049ac28c8ea0ae18
                          • Instruction ID: 8ddbf8d1509ef96718638e36c5d6a402ad273752571a4b914591f5fae7be49b5
                          • Opcode Fuzzy Hash: c8ba360b8bf4172daa4e477b576163d4d0fa93f16c91801c049ac28c8ea0ae18
                          • Instruction Fuzzy Hash: 2C21F4B59003599FCB10CF99D985BDEBBF4FF48314F10842AE918E7291D778A544CBA4
                          Function 0CE486C0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49memoryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 577 ce486c0-ce48740 VirtualAllocEx 579 ce48742-ce48748 577->579 580 ce48749-ce4875d 577->580 579->580
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0CE48733
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID: p
                          • API String ID: 4275171209-2181537457
                          • Opcode ID: d25f2393e8559eb48274440ecff201246dac521c2f784fa65bc2ba12038d0fff
                          • Instruction ID: a64e97c6f1a0afe5376abee253c1227899aa484480e271bd37e73b06616a48fb
                          • Opcode Fuzzy Hash: d25f2393e8559eb48274440ecff201246dac521c2f784fa65bc2ba12038d0fff
                          • Instruction Fuzzy Hash: EB11F0B5900249DFCB20DF9AD989BDEBFF4FB48314F248459E918A7260C379A544CFA1
                          Function 02F3ABA8 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 716 2f3aba8-2f3abb7 717 2f3abe3-2f3abe7 716->717 718 2f3abb9-2f3abc6 call 2f39eb0 716->718 720 2f3abfb-2f3ac3c 717->720 721 2f3abe9-2f3abf3 717->721 723 2f3abc8 718->723 724 2f3abdc 718->724 727 2f3ac49-2f3ac57 720->727 728 2f3ac3e-2f3ac46 720->728 721->720 771 2f3abce call 2f3ae32 723->771 772 2f3abce call 2f3ae40 723->772 724->717 729 2f3ac7b-2f3ac7d 727->729 730 2f3ac59-2f3ac5e 727->730 728->727 735 2f3ac80-2f3ac87 729->735 732 2f3ac60-2f3ac67 call 2f39ebc 730->732 733 2f3ac69 730->733 731 2f3abd4-2f3abd6 731->724 734 2f3ad18-2f3add8 731->734 737 2f3ac6b-2f3ac79 732->737 733->737 766 2f3ade0-2f3ae0b GetModuleHandleW 734->766 767 2f3adda-2f3addd 734->767 738 2f3ac94-2f3ac9b 735->738 739 2f3ac89-2f3ac91 735->739 737->735 741 2f3aca8-2f3acb1 call 2f39ecc 738->741 742 2f3ac9d-2f3aca5 738->742 739->738 747 2f3acb3-2f3acbb 741->747 748 2f3acbe-2f3acc3 741->748 742->741 747->748 749 2f3ace1-2f3acee 748->749 750 2f3acc5-2f3accc 748->750 757 2f3ad11-2f3ad17 749->757 758 2f3acf0-2f3ad0e 749->758 750->749 752 2f3acce-2f3acde call 2f39edc call 2f39eec 750->752 752->749 758->757 768 2f3ae14-2f3ae28 766->768 769 2f3ae0d-2f3ae13 766->769 767->766 769->768 771->731 772->731
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 02F3ADFE
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339658248.0000000002F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2f30000_kmk.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: 21fcbeec2df829255d0a36bb643dbd0d4e056fbe092bf21b6526dcb87042eea5
                          • Instruction ID: b87bb25f78eec907646f7598cb5b9a375ab1dfe125d2c7867429ec736a19e2c3
                          • Opcode Fuzzy Hash: 21fcbeec2df829255d0a36bb643dbd0d4e056fbe092bf21b6526dcb87042eea5
                          • Instruction Fuzzy Hash: D6813470A00B058FDB65DF2AD5447AABBF2FF88384F00892DD58AD7A50DB75E845CB90
                          Function 0CE47B38 Relevance: 1.6, APIs: 1, Instructions: 143processCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 773 ce47b38-ce47bc3 775 ce47bc5-ce47bcb 773->775 776 ce47bce-ce47bd5 773->776 775->776 777 ce47bd7-ce47bdd 776->777 778 ce47be0-ce47bf6 776->778 777->778 779 ce47c01-ce47c9e CreateProcessW 778->779 780 ce47bf8-ce47bfe 778->780 782 ce47ca7-ce47d1b 779->782 783 ce47ca0-ce47ca6 779->783 780->779 791 ce47d2d-ce47d34 782->791 792 ce47d1d-ce47d23 782->792 783->782 793 ce47d36-ce47d45 791->793 794 ce47d4b 791->794 792->791 793->794 795 ce47d4c 794->795 795->795
                          APIs
                          • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0CE47C8B
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 9d0fb9ff4f58467ed20220de116971998198b2972174f6a3da55e0e3c485ccca
                          • Instruction ID: 314505153eacacd95fce97994c2b16a45fa6def925ad06b7979cb6e00c1bc36b
                          • Opcode Fuzzy Hash: 9d0fb9ff4f58467ed20220de116971998198b2972174f6a3da55e0e3c485ccca
                          • Instruction Fuzzy Hash: B2512871D01319DFDB65CF99C880BDDBBB6BF49304F1084AAE808A7250DB719A89CF91
                          Function 0CE47B37 Relevance: 1.6, APIs: 1, Instructions: 141processCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 797 ce47b37-ce47bc3 799 ce47bc5-ce47bcb 797->799 800 ce47bce-ce47bd5 797->800 799->800 801 ce47bd7-ce47bdd 800->801 802 ce47be0-ce47bf6 800->802 801->802 803 ce47c01-ce47c9e CreateProcessW 802->803 804 ce47bf8-ce47bfe 802->804 806 ce47ca7-ce47d1b 803->806 807 ce47ca0-ce47ca6 803->807 804->803 815 ce47d2d-ce47d34 806->815 816 ce47d1d-ce47d23 806->816 807->806 817 ce47d36-ce47d45 815->817 818 ce47d4b 815->818 816->815 817->818 819 ce47d4c 818->819 819->819
                          APIs
                          • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0CE47C8B
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: a4baafde9139016fd4488e84d2a837967236c180ff3290775ffbf30ed8c368d9
                          • Instruction ID: cf201cd90b05a49698d7e769345c46d824f7cdb4260ad8225d4476e37494ab3b
                          • Opcode Fuzzy Hash: a4baafde9139016fd4488e84d2a837967236c180ff3290775ffbf30ed8c368d9
                          • Instruction Fuzzy Hash: 84512771D01319DFDB65CF99C980BDDBBB6BF48304F1084AAE408A7254DB319A89CF91
                          Function 02F3D488 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 821 2f3d488-2f3d524 DuplicateHandle 822 2f3d526-2f3d52c 821->822 823 2f3d52d-2f3d54a 821->823 822->823
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02F3D517
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339658248.0000000002F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2f30000_kmk.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: ed13f4cfafe94a2124e89df920865a4018707586fc7dcae24b9baf44316f524e
                          • Instruction ID: f6c621a87a9fec2d1f920936e3380192346db82fc9841e19357c307870d1c6fb
                          • Opcode Fuzzy Hash: ed13f4cfafe94a2124e89df920865a4018707586fc7dcae24b9baf44316f524e
                          • Instruction Fuzzy Hash: 8F2119B5D00208DFDB10CF9AD984ADEBBF4FB48314F14801AE914A3310C379A954CFA1
                          Function 0CE48770 Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 826 ce48770-ce487c1 828 ce487d1-ce4880a WriteProcessMemory 826->828 829 ce487c3-ce487cf 826->829 830 ce48813-ce48834 828->830 831 ce4880c-ce48812 828->831 829->828 831->830
                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0CE487FD
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0
                          • Opcode ID: abdc1ad9efbe8b051baa8d77b0a801830d934447b6cf0c0f72406af2b4443d3f
                          • Instruction ID: ce947f6a6cabbfa2fa4e5394d80594f13026e93ca395dc151377e68512894ce5
                          • Opcode Fuzzy Hash: abdc1ad9efbe8b051baa8d77b0a801830d934447b6cf0c0f72406af2b4443d3f
                          • Instruction Fuzzy Hash: FF21E0B59013499FCB10CF9AD885BDEBBF5FB48310F10842AE918E3290D778A944CBA4
                          Function 0CE485F0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                          Download Yara Rule
                          APIs
                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0CE48677
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: MemoryProcessRead
                          • String ID:
                          • API String ID: 1726664587-0
                          • Opcode ID: 11cfce261834abc190762eadfb2cd370685a72447c5ab35d8eb3a833c7e0a505
                          • Instruction ID: 2fd8af6f3e3a6213c561b41c4c7ce44e832c01c2b8d271aea8df54c037e56c70
                          • Opcode Fuzzy Hash: 11cfce261834abc190762eadfb2cd370685a72447c5ab35d8eb3a833c7e0a505
                          • Instruction Fuzzy Hash: B421EFB5901249AFCB10CF9AD884BDEFBF4FF49320F10846AE958A3250D378A544CBA4
                          Function 02F3D490 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                          Download Yara Rule
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02F3D517
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339658248.0000000002F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2f30000_kmk.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: 0ac3fe0db9dcbe4700bcdfe8c678adc7af365a4810945d23ffb95cc588869d02
                          • Instruction ID: aa1facdaf9e6a8703c0f4682c9ef3734d82f0bbae3e1ce6f518897d8810c07ec
                          • Opcode Fuzzy Hash: 0ac3fe0db9dcbe4700bcdfe8c678adc7af365a4810945d23ffb95cc588869d02
                          • Instruction Fuzzy Hash: C321E4B59002089FDB10CF9AD984ADEBBF9FB48314F14841AE918A3310C378A944CFA1
                          Function 0CE48530 Relevance: 1.6, APIs: 1, Instructions: 60threadCOMMON
                          Download Yara Rule
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0CE485AF
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          • Opcode ID: 4a85d1302c71536a919bfabcdca5bf914cf2e2a7ebd4ee54def3e742cea99646
                          • Instruction ID: f4fd96a2cae5ebc88aeb3e43d03c262597fc22702910e69e9a047bc9cc1de639
                          • Opcode Fuzzy Hash: 4a85d1302c71536a919bfabcdca5bf914cf2e2a7ebd4ee54def3e742cea99646
                          • Instruction Fuzzy Hash: D421E0B5E016199FCB10DF9AD9897EEFBF4BF08214F14856AD418A3281D378A944CFA1
                          Function 0CE485F8 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                          Download Yara Rule
                          APIs
                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0CE48677
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: MemoryProcessRead
                          • String ID:
                          • API String ID: 1726664587-0
                          • Opcode ID: e0312ed1b8c1afb2c30e039afb24b5515d893832a9c2b9ab102324b0f29fd6ed
                          • Instruction ID: 660542d44ed3beadb7bdf495bc052e651b0bfa20009a46e2684c0df03b028ee1
                          • Opcode Fuzzy Hash: e0312ed1b8c1afb2c30e039afb24b5515d893832a9c2b9ab102324b0f29fd6ed
                          • Instruction Fuzzy Hash: EE21DEB5901249DFCB10CF9AD885ADEBBF5FB48310F10842AE918A3250D378A944CBA5
                          Function 0CE48538 Relevance: 1.6, APIs: 1, Instructions: 58threadCOMMON
                          Download Yara Rule
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0CE485AF
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          • Opcode ID: ceef70aa45cbee1bd0fe96384aebd6a28fd76184bbf56375342b38a4fc803a02
                          • Instruction ID: 2fcd0bed4caf9043a19daa417b18b7709ba2fbb7290df5ddaf32fe36f30a8a65
                          • Opcode Fuzzy Hash: ceef70aa45cbee1bd0fe96384aebd6a28fd76184bbf56375342b38a4fc803a02
                          • Instruction Fuzzy Hash: 6B2103B1D006199FCB10DF9AD885BAEFBF8FB48314F10812AD418E3280D778A944CFA1
                          Function 0CE42840 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0CE428B3
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 40e0521e790c415da5334fbb7fa3ba470015dc8095d2b30c2289cac58c2de10f
                          • Instruction ID: b6c78bbb21fbd1977586297d808b42511bb5cce752412c332e7dd911ed71128f
                          • Opcode Fuzzy Hash: 40e0521e790c415da5334fbb7fa3ba470015dc8095d2b30c2289cac58c2de10f
                          • Instruction Fuzzy Hash: EB21E4B59002499FCB10DF9AD485BDEFBF4FF48320F108429E958A7250D779A544CFA5
                          Function 0CE4283F Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0CE428B3
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: dfd52e455f30325998843f0c104329644b17712e4b3e21745d0e2bccb4477942
                          • Instruction ID: 4a56f87ad1cc2662ed4634e6d08fb7b6f6aa90388001cfdd078c03ff9aac40ba
                          • Opcode Fuzzy Hash: dfd52e455f30325998843f0c104329644b17712e4b3e21745d0e2bccb4477942
                          • Instruction Fuzzy Hash: 3111D0B59002499FCB10DF9AD585BEEBBF4FF48320F10842AE958A7250D378A644CFA1
                          Function 0CE49311 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON
                          Download Yara Rule
                          APIs
                          • PostMessageW.USER32(?,?,?,?), ref: 0CE49375
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: MessagePost
                          • String ID:
                          • API String ID: 410705778-0
                          • Opcode ID: c660402488f753862c0dcdce6d76cd63cd185b0c61e3c9885025d76be1b3fb10
                          • Instruction ID: a137a3669171be07ce72cc853816ed0466bdadf4bc7ca7c66b3127484b689d11
                          • Opcode Fuzzy Hash: c660402488f753862c0dcdce6d76cd63cd185b0c61e3c9885025d76be1b3fb10
                          • Instruction Fuzzy Hash: 511125B58003499FCB10DF8AD885BDEFBF8FB49310F10845AD519A3250C379A544CFA0
                          Function 0CE486C8 Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0CE48733
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: 7a314617dfa4943f78cef04404e1930ca4c05370a28c3681f2acf798df39af11
                          • Instruction ID: 31994db3b6ab25fc359ebd1b254537e1420d0045396be8b641f2ca9d54160970
                          • Opcode Fuzzy Hash: 7a314617dfa4943f78cef04404e1930ca4c05370a28c3681f2acf798df39af11
                          • Instruction Fuzzy Hash: 7C11E3B5900249DFCB20DF9AD889BDEBFF4FB48310F208419E518A7250C775A544CFA1
                          Function 02F3AD98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 02F3ADFE
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339658248.0000000002F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2f30000_kmk.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: 8e47047c5c34c77bc7e52edc5e6c0f3b0e671dfff4c3c5c674c93d1a4ae56b2d
                          • Instruction ID: 06e379978f902655f55a2a696de552b83f13ee6b6cb25595d51a708352ce2854
                          • Opcode Fuzzy Hash: 8e47047c5c34c77bc7e52edc5e6c0f3b0e671dfff4c3c5c674c93d1a4ae56b2d
                          • Instruction Fuzzy Hash: 9411E0B6C006498FCB10DF9AD444BDEFBF5EF88314F10845AD559A7210C379A545CFA1
                          Function 0CE48920 Relevance: 1.5, APIs: 1, Instructions: 45threadCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: 29d1c81efbd9385edd17b401ea90b78c27c55b04df8f3332add1e8395da73429
                          • Instruction ID: 85ac00bde40fed65d3da76184b9116c414491597a291c38725bc145ee2963b38
                          • Opcode Fuzzy Hash: 29d1c81efbd9385edd17b401ea90b78c27c55b04df8f3332add1e8395da73429
                          • Instruction Fuzzy Hash: C61122B0800249CFCB20DF9AD485B9EFBF8EB48314F20845AD518A7250C379A544CFA1
                          Function 0CE49318 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                          Download Yara Rule
                          APIs
                          • PostMessageW.USER32(?,?,?,?), ref: 0CE49375
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: MessagePost
                          • String ID:
                          • API String ID: 410705778-0
                          • Opcode ID: 9597bfd4697e2e55c367dbae50c51624f65230a5783b0f0b498f638725d4a94a
                          • Instruction ID: 7edce3f1d034c4f2a66e60b6e5d4af524a7df0f9799375a65ad708c23a67096e
                          • Opcode Fuzzy Hash: 9597bfd4697e2e55c367dbae50c51624f65230a5783b0f0b498f638725d4a94a
                          • Instruction Fuzzy Hash: 811103B58003499FCB10DF9AD485BDEFBF8FB49310F108459D519A3250C379A544CFA1
                          Function 0CE48928 Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: a0a9b1104ab43fdd6d8c26ddbd8c10046b4d650691f5550b71b55d499ebe7a25
                          • Instruction ID: 75afc137cdc23578639624f662f345d2353bac8c78d7dafb6591226f03e7c480
                          • Opcode Fuzzy Hash: a0a9b1104ab43fdd6d8c26ddbd8c10046b4d650691f5550b71b55d499ebe7a25
                          • Instruction Fuzzy Hash: BE1112B5800649CFCB20DF9AD485BDEFBF8EB48324F20845AD618A3250C779A944CFA5
                          Function 0CE4A908 Relevance: 1.3, APIs: 1, Instructions: 47COMMON
                          Download Yara Rule
                          APIs
                          • CloseHandle.KERNELBASE(?), ref: 0CE4A960
                          Memory Dump Source
                          • Source File: 00000005.00000002.2348888915.000000000CE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CE40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_ce40000_kmk.jbxd
                          Similarity
                          • API ID: CloseHandle
                          • String ID:
                          • API String ID: 2962429428-0
                          • Opcode ID: 4aae0c55a91ec7efa3e0554dfebb65cc5d9f1a143b41bc90144fa182228dbcbd
                          • Instruction ID: 1350332b2c17fbc36441e7a8946f652e6246564ce765088b7d2fea0cf7abb5c2
                          • Opcode Fuzzy Hash: 4aae0c55a91ec7efa3e0554dfebb65cc5d9f1a143b41bc90144fa182228dbcbd
                          • Instruction Fuzzy Hash: 131103B5800649CFCB20DF9AD545BEEBBF4EF48320F20846AD558A7250D739A944CFA5
                          Function 02E5D3B4 Relevance: .1, Instructions: 75COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339430510.0000000002E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E5D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2e5d000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 41f0ef9657e7b15153e40e648dc001ae21859a67d3587bea4a6c99b2239ec565
                          • Instruction ID: 0d2a8c5b2e660c1ab8b32859d2f02ceba8d6e2656861990554f90293e4274c2e
                          • Opcode Fuzzy Hash: 41f0ef9657e7b15153e40e648dc001ae21859a67d3587bea4a6c99b2239ec565
                          • Instruction Fuzzy Hash: 242100B1590204DFDB09DF14D9C0F26BF65FB98328F20C5A9ED094B256C33AE456CAA2
                          Function 02E6D1D4 Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339469162.0000000002E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E6D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2e6d000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6da09b4022c47fb7f715287ad2161ab513f7a7a436d3de9fed8de56ddad317ca
                          • Instruction ID: 70a5b0742efc2d30f33d438cd13d2034a8a123a223c896daff1de6a390f07c91
                          • Opcode Fuzzy Hash: 6da09b4022c47fb7f715287ad2161ab513f7a7a436d3de9fed8de56ddad317ca
                          • Instruction Fuzzy Hash: DF212271684204EFDB05DF64D9C8B36BBA5FB88318F64C56DE80D4B252C33AD446CA61
                          Function 02E6D01C Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339469162.0000000002E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E6D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2e6d000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: db0ef7e7eb12dfc894ed38f5e80927b1fe9bb074496c3d574df6ace3b0427f33
                          • Instruction ID: 771caddddb851e31dedd48af8fa5f51516b28413a8b76b95111d43e98c2336b0
                          • Opcode Fuzzy Hash: db0ef7e7eb12dfc894ed38f5e80927b1fe9bb074496c3d574df6ace3b0427f33
                          • Instruction Fuzzy Hash: B5212571684200DFDB54DF24D988B26BF66FB88318F60C569D80A4B256C33BD407CAA1
                          Function 02E6D005 Relevance: .1, Instructions: 62COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339469162.0000000002E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E6D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2e6d000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 265d605453a3f6189863f46c0d746f2b22d757680d58bdc97d3281837771ebd5
                          • Instruction ID: 01160e19b0a8f3daaaeba594127378bf0eb2417e2c7d6577993bf4a7ab83b11b
                          • Opcode Fuzzy Hash: 265d605453a3f6189863f46c0d746f2b22d757680d58bdc97d3281837771ebd5
                          • Instruction Fuzzy Hash: 262165755493C08FD712CF24D994715BF72EB46218F28C5DAD8498F6A7C33A940ACB62
                          Function 02E5D3AF Relevance: .1, Instructions: 56COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339430510.0000000002E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E5D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2e5d000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                          • Instruction ID: 0c7095b018de8b88e9862d38b04033de2c26bc3b44b56c22d6eb2082163d3977
                          • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                          • Instruction Fuzzy Hash: 6111E676544280CFCB16CF10D9C4B16BF71FB84328F24C5A9DD494B656C336E45ACBA2
                          Function 02E6D1CF Relevance: .1, Instructions: 53COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2339469162.0000000002E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E6D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_2e6d000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                          • Instruction ID: f9d75edf3d7e6acef90770fc9959406d12118b4b9c1859754f2aa2849ef1c966
                          • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                          • Instruction Fuzzy Hash: 4E11BE75684240DFCB12CF50C9C4B25BF61FB84228F28C6A9D8494B256C33AD45ACB61

                          Execution Graph

                          Execution Coverage:9%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:120
                          Total number of Limit Nodes:9
                          execution_graph 35987 15cd01c 35988 15cd034 35987->35988 35989 15cd08e 35988->35989 35996 177b220 35988->35996 36004 177479c 35988->36004 36008 17747ac 35988->36008 36016 1776a1d 35988->36016 36019 17768e0 35988->36019 36025 17768f0 35988->36025 35999 177b275 35996->35999 35997 177b2a9 36039 177a16c 35997->36039 35999->35997 36000 177b299 35999->36000 36031 177b3d0 36000->36031 36035 177b3c0 36000->36035 36001 177b2a7 36005 17747a7 36004->36005 36043 17747d4 36005->36043 36007 1776a27 36007->35989 36009 17747b7 36008->36009 36010 177b2a9 36009->36010 36012 177b299 36009->36012 36011 177a16c CallWindowProcW 36010->36011 36013 177b2a7 36011->36013 36014 177b3d0 CallWindowProcW 36012->36014 36015 177b3c0 CallWindowProcW 36012->36015 36014->36013 36015->36013 36017 1776a27 36016->36017 36018 17747d4 GetModuleHandleW 36016->36018 36017->35989 36018->36017 36020 1776916 36019->36020 36021 177479c GetModuleHandleW 36020->36021 36022 1776922 36021->36022 36023 17747ac CallWindowProcW 36022->36023 36024 1776937 36023->36024 36024->35989 36026 1776916 36025->36026 36027 177479c GetModuleHandleW 36026->36027 36028 1776922 36027->36028 36029 17747ac CallWindowProcW 36028->36029 36030 1776937 36029->36030 36030->35989 36034 177b3de 36031->36034 36032 177a16c CallWindowProcW 36032->36034 36033 177b4c7 36033->36001 36034->36032 36034->36033 36037 177b3de 36035->36037 36036 177a16c CallWindowProcW 36036->36037 36037->36036 36038 177b4c7 36037->36038 36038->36001 36040 177a177 36039->36040 36041 177b541 36040->36041 36042 177b592 CallWindowProcW 36040->36042 36041->36001 36042->36041 36044 17747df 36043->36044 36046 1776af7 36044->36046 36047 1773aec 36044->36047 36048 1775690 GetModuleHandleW 36047->36048 36050 1775705 36048->36050 36050->36046 36125 18b92e8 36126 18b9307 36125->36126 36127 18b933b LdrInitializeThunk 36126->36127 36128 18b9358 36127->36128 36051 177a3f0 36052 177a436 GetCurrentProcess 36051->36052 36054 177a481 36052->36054 36055 177a488 GetCurrentThread 36052->36055 36054->36055 36056 177a4c5 GetCurrentProcess 36055->36056 36057 177a4be 36055->36057 36058 177a4fb 36056->36058 36057->36056 36063 177a5c0 36058->36063 36065 177a630 36058->36065 36059 177a523 GetCurrentThreadId 36060 177a554 36059->36060 36064 177a5d5 36063->36064 36064->36059 36066 177a633 DuplicateHandle 36065->36066 36067 177a5cf 36065->36067 36068 177a6ce 36066->36068 36067->36059 36068->36059 36069 1776738 36070 17767a0 CreateWindowExW 36069->36070 36072 177685c 36070->36072 36072->36072 36073 17719a8 36074 17719d7 36073->36074 36077 1771714 36074->36077 36076 1771afc 36078 177171f 36077->36078 36079 1772062 36078->36079 36082 1774be0 36078->36082 36088 1774bcb 36078->36088 36079->36076 36083 1774c0b 36082->36083 36094 17751b1 36083->36094 36084 1774c8e 36085 1773aec GetModuleHandleW 36084->36085 36086 1774cba 36084->36086 36085->36086 36089 1774c0b 36088->36089 36093 17751b1 3 API calls 36089->36093 36090 1774c8e 36091 1773aec GetModuleHandleW 36090->36091 36092 1774cba 36090->36092 36091->36092 36093->36090 36095 17751ed 36094->36095 36096 177526e 36095->36096 36099 1775330 36095->36099 36112 1775320 36095->36112 36100 1775345 36099->36100 36101 1773aec GetModuleHandleW 36100->36101 36102 177538a 36100->36102 36101->36102 36103 1773aec GetModuleHandleW 36102->36103 36104 1775556 36102->36104 36105 17754db 36103->36105 36106 17755b1 36104->36106 36107 17756d8 GetModuleHandleW 36104->36107 36105->36104 36105->36106 36109 1773aec GetModuleHandleW 36105->36109 36106->36096 36108 1775705 36107->36108 36108->36096 36110 1775529 36109->36110 36110->36104 36111 1773aec GetModuleHandleW 36110->36111 36111->36104 36113 1775345 36112->36113 36114 1773aec GetModuleHandleW 36113->36114 36115 177538a 36113->36115 36114->36115 36116 1773aec GetModuleHandleW 36115->36116 36124 1775556 36115->36124 36117 17754db 36116->36117 36118 17755b1 36117->36118 36121 1773aec GetModuleHandleW 36117->36121 36117->36124 36118->36096 36119 17756d8 GetModuleHandleW 36120 1775705 36119->36120 36120->36096 36122 1775529 36121->36122 36123 1773aec GetModuleHandleW 36122->36123 36122->36124 36123->36124 36124->36118 36124->36119

                          Executed Functions

                          Function 0188B764 Relevance: 2.8, Instructions: 2800COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5799acfa1b60343c1797b3630fc0b31d0112db0ce338f5f446a01b1643ad62b5
                          • Instruction ID: 63dbb6ea452dad4eba9cfb38e1e819145aa27ffdaa1e7ab7ba5c230f94a40cee
                          • Opcode Fuzzy Hash: 5799acfa1b60343c1797b3630fc0b31d0112db0ce338f5f446a01b1643ad62b5
                          • Instruction Fuzzy Hash: EA53EE30D10B198ECB11EF68C894699F7B1FF99300F55D69AE458A7225EB70EAC4CF81
                          Function 018874C8 Relevance: .5, Instructions: 473COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6f86a7762d74f3614a0d6c1c1eb821301c90d3a7c1ded19f13ed231d2ba563e1
                          • Instruction ID: 452c3b7f6f98c6a700af096917cf75c26b791c3f43a7d5985009d009f3ac45ea
                          • Opcode Fuzzy Hash: 6f86a7762d74f3614a0d6c1c1eb821301c90d3a7c1ded19f13ed231d2ba563e1
                          • Instruction Fuzzy Hash: 78F1C030B002068FDB15ABBCD9947AE7AF6EF84310F248479E506DB395EE34DE058B91
                          Function 0177A3E0 Relevance: 6.1, APIs: 4, Instructions: 139threadCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          • GetCurrentProcess.KERNEL32 ref: 0177A46E
                          • GetCurrentThread.KERNEL32 ref: 0177A4AB
                          • GetCurrentProcess.KERNEL32 ref: 0177A4E8
                          • GetCurrentThreadId.KERNEL32 ref: 0177A541
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: Current$ProcessThread
                          • String ID:
                          • API String ID: 2063062207-0
                          • Opcode ID: 2dbe3da20073d2dbf29dfd194cdc099776accfe7651bc24572f0c11dcca449cd
                          • Instruction ID: 5da504769c963f2e2e97e3b49543413ff858dfc67aabc07043965c1699776f18
                          • Opcode Fuzzy Hash: 2dbe3da20073d2dbf29dfd194cdc099776accfe7651bc24572f0c11dcca449cd
                          • Instruction Fuzzy Hash: 075168B09053499FEB18DFA9D548BAEFBF1FF48304F24C059D109AB260D7399944CB62
                          Function 0177A3F0 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          • GetCurrentProcess.KERNEL32 ref: 0177A46E
                          • GetCurrentThread.KERNEL32 ref: 0177A4AB
                          • GetCurrentProcess.KERNEL32 ref: 0177A4E8
                          • GetCurrentThreadId.KERNEL32 ref: 0177A541
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: Current$ProcessThread
                          • String ID:
                          • API String ID: 2063062207-0
                          • Opcode ID: c04f427421398455f936cf9964b8983c305d10fc382b3427cb34a4963f12e719
                          • Instruction ID: f0daf81986c6620fd5e413c8c375128b2cc8e5d187764244d94d6e01036c8943
                          • Opcode Fuzzy Hash: c04f427421398455f936cf9964b8983c305d10fc382b3427cb34a4963f12e719
                          • Instruction Fuzzy Hash: 025145B09053098FEB18DFA9D548BAEFBF1FF88304F24C059D009A7260D739A944CB66
                          Function 018B9288 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 200libraryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 49 18b9288-18b9289 50 18b928b-18b9295 49->50 51 18b9215-18b9225 49->51 52 18b92f3-18b931f call 18b8ee8 50->52 53 18b9297-18b92a7 50->53 57 18b9238 51->57 74 18b9327-18b932d 52->74 55 18b92a9-18b92b3 53->55 56 18b92cc-18b92e1 53->56 58 18b92c8-18b92cb 55->58 59 18b92b5-18b92c6 55->59 64 18b926d 56->64 65 18b92e3-18b92f1 56->65 117 18b923e call 1888540 57->117 118 18b923e call 1888531 57->118 59->58 62 18b9243-18b9267 67 18b927a-18b9283 62->67 64->67 65->52 75 18b9334 74->75 76 18b933b-18b9352 LdrInitializeThunk 75->76 77 18b949b-18b94b8 76->77 78 18b9358-18b9372 76->78 90 18b94bd-18b94c6 77->90 78->77 81 18b9378-18b9392 78->81 85 18b9398 81->85 86 18b9394-18b9396 81->86 87 18b939b-18b93f6 call 18b686c 85->87 86->87 97 18b93f8-18b93fa 87->97 98 18b93fc 87->98 99 18b93ff-18b9499 call 18b686c 97->99 98->99 99->90 117->62 118->62
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.4513326957.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_18b0000_kmk.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: LRjq$LRjq
                          • API String ID: 2994545307-348097489
                          • Opcode ID: 6a9be0e23acc23ee7be4788e4a2e1bfc0fb8cebb564be4e7aaefa6bd75780ce5
                          • Instruction ID: 989c55f62afe9075a4d05f4f00fb59efa8d1b8057733bcc02d095f907f25a07c
                          • Opcode Fuzzy Hash: 6a9be0e23acc23ee7be4788e4a2e1bfc0fb8cebb564be4e7aaefa6bd75780ce5
                          • Instruction Fuzzy Hash: A461CE71B002059FCB05EF78D884AEEBBB5BF88314F1485AAE116DB399EA349905CB51
                          Function 018B92E8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 148libraryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 119 18b92e8-18b9352 call 18b8ee8 LdrInitializeThunk 128 18b949b-18b94b8 119->128 129 18b9358-18b9372 119->129 141 18b94bd-18b94c6 128->141 129->128 132 18b9378-18b9392 129->132 136 18b9398 132->136 137 18b9394-18b9396 132->137 138 18b939b-18b93f6 call 18b686c 136->138 137->138 148 18b93f8-18b93fa 138->148 149 18b93fc 138->149 150 18b93ff-18b9499 call 18b686c 148->150 149->150 150->141
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.4513326957.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_18b0000_kmk.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: LRjq$LRjq
                          • API String ID: 2994545307-348097489
                          • Opcode ID: eac48f5ca925e39daad2786cd5733d5d45503a1c5669d5400ac24b3d1d73cb29
                          • Instruction ID: d05c3383f61289b1781cb899b07a06da4c64d277f4b5917e4c19949b48f51714
                          • Opcode Fuzzy Hash: eac48f5ca925e39daad2786cd5733d5d45503a1c5669d5400ac24b3d1d73cb29
                          • Instruction Fuzzy Hash: 45517371A002069FCB14EFB4D988AAEB7B5FF88304F148569D512DB399EF74E904CB91
                          Function 01880040 Relevance: 4.6, Strings: 3, Instructions: 816COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 168 1880040-188052e 243 1880a80-1880ab5 168->243 244 1880534-1880544 168->244 248 1880ac1-1880adf 243->248 249 1880ab7-1880abc 243->249 244->243 245 188054a-188055a 244->245 245->243 246 1880560-1880570 245->246 246->243 250 1880576-1880586 246->250 261 1880ae1-1880aeb 248->261 262 1880b56-1880b62 248->262 251 1880ba6-1880bab 249->251 250->243 252 188058c-188059c 250->252 252->243 254 18805a2-18805b2 252->254 254->243 255 18805b8-18805c8 254->255 255->243 257 18805ce-18805de 255->257 257->243 258 18805e4-18805f4 257->258 258->243 260 18805fa-188060a 258->260 260->243 263 1880610-1880a7f 260->263 261->262 269 1880aed-1880af9 261->269 267 1880b79-1880b85 262->267 268 1880b64-1880b70 262->268 276 1880b9c-1880b9e 267->276 277 1880b87-1880b93 267->277 268->267 275 1880b72-1880b77 268->275 278 1880afb-1880b06 269->278 279 1880b1e-1880b21 269->279 275->251 276->251 277->276 289 1880b95-1880b9a 277->289 278->279 287 1880b08-1880b12 278->287 280 1880b38-1880b44 279->280 281 1880b23-1880b2f 279->281 285 1880bac-1880bfb call 1880d70 280->285 286 1880b46-1880b4d 280->286 281->280 293 1880b31-1880b36 281->293 298 1880c01-1880c08 285->298 286->285 290 1880b4f-1880b54 286->290 287->279 296 1880b14-1880b19 287->296 289->251 290->251 293->251 296->251 300 1880c0a-1880c15 298->300 301 1880c1b-1880c26 298->301 300->301 305 1880c9e-1880cf0 300->305 306 1880c2c-1880c9b 301->306 307 1880cf7-1880d3c 301->307 305->307 327 1880d4d-1880d5b 307->327 328 1880d3e-1880d4b 307->328 333 1880d69 327->333 334 1880d5d-1880d67 327->334 337 1880d6b-1880d6e 328->337 333->337 334->337
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: (ojq$$jq$$jq
                          • API String ID: 0-3963620244
                          • Opcode ID: 810e6eceee47a3c1e5e5900e6217c990dbc006e6a6d7560c8066a57ad88043f8
                          • Instruction ID: 23cdae000ec744a5f3fb272313689a3d0456b010573696a60c3e3b0dbc91dab1
                          • Opcode Fuzzy Hash: 810e6eceee47a3c1e5e5900e6217c990dbc006e6a6d7560c8066a57ad88043f8
                          • Instruction Fuzzy Hash: CA725370A002198FDB55DBA8C960B9EBB77FF84300F1080A9D50AAB3A5DF355E49DF91
                          Function 01775330 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 291COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 426 1775330-1775356 429 17753a7-17753af 426->429 430 1775358-177536f 426->430 431 17753f5-177543e call 17746ec 429->431 432 17753b1-17753b6 call 17746e0 429->432 436 1775371-1775377 430->436 437 1775379 430->437 456 1775444-177548f 431->456 457 17755eb-177561d 431->457 435 17753bb-17753f0 432->435 449 1775492-17754eb call 1775929 call 1773aec call 17746f8 435->449 439 177537f-1775385 call 1773aec 436->439 437->439 443 177538a-17753a1 call 17746d4 439->443 443->429 450 17755bd-17755e4 443->450 478 17754f0-17754f4 449->478 450->457 456->449 473 1775624-1775668 457->473 487 17756a4-17756d0 473->487 488 177566a-177567e 473->488 480 17755b1-17755bc 478->480 481 17754fa-1775507 478->481 485 17755ad-17755af 481->485 486 177550d-177553a call 1773aec call 17746ec 481->486 485->473 485->480 486->485 500 177553c-177554a 486->500 489 17756d2-17756d5 487->489 490 17756d8-1775703 GetModuleHandleW 487->490 489->490 492 1775705-177570b 490->492 493 177570c-1775720 490->493 492->493 500->485 501 177554c-1775563 call 1773aec call 1774704 500->501 506 1775565-177556e call 17746f8 501->506 507 1775570-177559f call 17746f8 501->507 506->485 507->485 515 17755a1-17755ab 507->515 515->485 515->507
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 017756F6
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID: #"
                          • API String ID: 4139908857-2415436313
                          • Opcode ID: 3c0acbf8e648f6a0d8916f172fa66ef8262e776d85382479862450ffc2f1ad42
                          • Instruction ID: 0506f2ee32d486db1809d7bda38dd9f40f95b8950734cc47beadfe3e206a7075
                          • Opcode Fuzzy Hash: 3c0acbf8e648f6a0d8916f172fa66ef8262e776d85382479862450ffc2f1ad42
                          • Instruction Fuzzy Hash: 76B14670A007069FCB54EF69D484A6EFBF6FF88300B108A69D40ADB765DB74E945CB90
                          Function 0177672D Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1434 177672d-177679e 1435 17767a0-17767a6 1434->1435 1436 17767a9-17767b0 1434->1436 1435->1436 1437 17767b2-17767b8 1436->1437 1438 17767bb-17767f3 1436->1438 1437->1438 1439 17767fb-177685a CreateWindowExW 1438->1439 1440 1776863-177689b 1439->1440 1441 177685c-1776862 1439->1441 1445 177689d-17768a0 1440->1445 1446 17768a8 1440->1446 1441->1440 1445->1446 1447 17768a9 1446->1447 1447->1447
                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0177684A
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0
                          • Opcode ID: e070c965df676f7a59a916c7b6f4696f39610bb56fca916afbdf56f1f0a83e5c
                          • Instruction ID: b24f3b995b22c7d3b5037f8c38d90145204e18055ac46c94c7009c708ce569e6
                          • Opcode Fuzzy Hash: e070c965df676f7a59a916c7b6f4696f39610bb56fca916afbdf56f1f0a83e5c
                          • Instruction Fuzzy Hash: D851AFB1D10209AFEB14CF99C984ADEFFB5BF88310F24812AE419AB214D775A945CF90
                          Function 01776738 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1555 1776738-177679e 1556 17767a0-17767a6 1555->1556 1557 17767a9-17767b0 1555->1557 1556->1557 1558 17767b2-17767b8 1557->1558 1559 17767bb-177685a CreateWindowExW 1557->1559 1558->1559 1561 1776863-177689b 1559->1561 1562 177685c-1776862 1559->1562 1566 177689d-17768a0 1561->1566 1567 17768a8 1561->1567 1562->1561 1566->1567 1568 17768a9 1567->1568 1568->1568
                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0177684A
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0
                          • Opcode ID: 3d3e09ca5c073299ab2f27cd3553448cdda219d686bd056e1a3fb371a5aca22f
                          • Instruction ID: d4c184a520d738181a11fbc57d5965448b47c6aa42cb604163d1742e058a14e0
                          • Opcode Fuzzy Hash: 3d3e09ca5c073299ab2f27cd3553448cdda219d686bd056e1a3fb371a5aca22f
                          • Instruction Fuzzy Hash: FF41B0B1D002099FEF14DF9AC884ADEFBB5BF48310F24812AE418AB214D775A945CF90
                          Function 0177A630 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1569 177a630-177a631 1570 177a633-177a6cc DuplicateHandle 1569->1570 1571 177a5cf-177a5f7 1569->1571 1574 177a6d5-177a6f2 1570->1574 1575 177a6ce-177a6d4 1570->1575 1572 177a5fe-177a624 1571->1572 1573 177a5f9 call 1779f9c 1571->1573 1573->1572 1575->1574
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0177A6BF
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: ddf29857ddd4dc3c4a67452b3acff341ae0ebd09bcf4e4e7a4e7c20042737b0b
                          • Instruction ID: f4eb619606c15689df77234e86866c584a0fbbe5dffb2dc0b981a2e6c098d06e
                          • Opcode Fuzzy Hash: ddf29857ddd4dc3c4a67452b3acff341ae0ebd09bcf4e4e7a4e7c20042737b0b
                          • Instruction Fuzzy Hash: BD410776900209AFDF11CF99D844AEEBBF5FB88310F14806AE915A7360D3359954DFA0
                          Function 0177A16C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1580 177a16c-177b534 1583 177b5e4-177b604 call 17747ac 1580->1583 1584 177b53a-177b53f 1580->1584 1591 177b607-177b614 1583->1591 1586 177b592-177b5ca CallWindowProcW 1584->1586 1587 177b541-177b578 1584->1587 1589 177b5d3-177b5e2 1586->1589 1590 177b5cc-177b5d2 1586->1590 1594 177b581-177b590 1587->1594 1595 177b57a-177b580 1587->1595 1589->1591 1590->1589 1594->1591 1595->1594
                          APIs
                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 0177B5B9
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: CallProcWindow
                          • String ID:
                          • API String ID: 2714655100-0
                          • Opcode ID: ede3c523c6ec0ee228b00a5c967192b0857cc0795c4be83f6e961266e51d3f3e
                          • Instruction ID: d0671b1d8bfde6b74020b46cbbb57597a4024697a6eed088ab0d37c1349bfd0d
                          • Opcode Fuzzy Hash: ede3c523c6ec0ee228b00a5c967192b0857cc0795c4be83f6e961266e51d3f3e
                          • Instruction Fuzzy Hash: 8D4115B5A00309DFDB14DF99C488AAAFBF5FF88314F24C499D519AB321D735A941CBA0
                          Function 0177A638 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                          Download Yara Rule
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0177A6BF
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: 9ffaa003f83ca50c8e4c0c750de0b47119d1064698516bf7ba7f6665877b2fc9
                          • Instruction ID: ca3e81c931580dbc7a6a0bdc2c194a159711b09005470141c7221c581f3a2f54
                          • Opcode Fuzzy Hash: 9ffaa003f83ca50c8e4c0c750de0b47119d1064698516bf7ba7f6665877b2fc9
                          • Instruction Fuzzy Hash: C621C4B5900248AFDB10DF9AD584ADEFFF9FB48310F14841AE918A3350D379A954CFA5
                          Function 018BA240 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                          Download Yara Rule
                          APIs
                          • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 018BA2C3
                          Memory Dump Source
                          • Source File: 00000006.00000002.4513326957.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_18b0000_kmk.jbxd
                          Similarity
                          • API ID: HookWindows
                          • String ID:
                          • API String ID: 2559412058-0
                          • Opcode ID: 033a6bc01d6b57e9dfc82d6951e0bbca964945efcf67fb21e06b1c142593cc3e
                          • Instruction ID: fbf22f34edffadbe3057564c7bb68d159615c4e612ab428811b4de28506c1ce5
                          • Opcode Fuzzy Hash: 033a6bc01d6b57e9dfc82d6951e0bbca964945efcf67fb21e06b1c142593cc3e
                          • Instruction Fuzzy Hash: 562135B59002099FDB14DFAAC844BEEBBF5FF88310F10842AE558A7350C775A944CFA0
                          Function 018B6878 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                          Download Yara Rule
                          APIs
                          • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 018BA2C3
                          Memory Dump Source
                          • Source File: 00000006.00000002.4513326957.00000000018B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_18b0000_kmk.jbxd
                          Similarity
                          • API ID: HookWindows
                          • String ID:
                          • API String ID: 2559412058-0
                          • Opcode ID: 6d5dfe127759b2161fda2b179ca258597af9866a1cfd001d49f2bed756e016d4
                          • Instruction ID: 0b4d5a67d51e96a68548ac65e2d96eb426b2da8a867e51fbcc655a294d524358
                          • Opcode Fuzzy Hash: 6d5dfe127759b2161fda2b179ca258597af9866a1cfd001d49f2bed756e016d4
                          • Instruction Fuzzy Hash: D92115B19002199FDB14DF9AC844BEEFBF5FB88310F10842AE559A7350C775AA44CFA0
                          Function 01773AEC Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 017756F6
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: 6ef0974eb7ce7fd23aaf346ccb4a9078ee20cbe65a2985f8d16b967aac6a186f
                          • Instruction ID: 1e3077e9649e787b224d198ad532ed74ed9f660172e35aea472c12172302e5fe
                          • Opcode Fuzzy Hash: 6ef0974eb7ce7fd23aaf346ccb4a9078ee20cbe65a2985f8d16b967aac6a186f
                          • Instruction Fuzzy Hash: 3C11F0B5C003498FDB10DF9AD444BAEFBF5EB48710F10846AD519B7200C379A545CFA5
                          Function 01775688 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 017756F6
                          Memory Dump Source
                          • Source File: 00000006.00000002.4511936770.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1770000_kmk.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: 07c0e933bfb222419ceb9ae50f80e81a7cb8e979330188096c4d8e2243b35366
                          • Instruction ID: b807fb14294876f5f13e4304bd37f07393d3811de0640c286dc491dd6aeba440
                          • Opcode Fuzzy Hash: 07c0e933bfb222419ceb9ae50f80e81a7cb8e979330188096c4d8e2243b35366
                          • Instruction Fuzzy Hash: 2C1132B1C002488FDB10DF9AC448ADEFBF5AF49714F14845AD518B7200C379A545CFA0
                          Function 01881710 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Hnq
                          • API String ID: 0-2896580000
                          • Opcode ID: 3bb9fa91b5adafdb7dd72a2c933a9dff81a9de0a179985ab682e0b1de93f8f40
                          • Instruction ID: c633975581930cae2042a366328d34df2526ab0a62e1328949f3e53d75026c85
                          • Opcode Fuzzy Hash: 3bb9fa91b5adafdb7dd72a2c933a9dff81a9de0a179985ab682e0b1de93f8f40
                          • Instruction Fuzzy Hash: EA410F357042168FCB16BF68D90966A7FE2FF85315B1884ADE809CB2A1CF34CD02CB91
                          Function 01888540 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHjq
                          • API String ID: 0-751881793
                          • Opcode ID: 07fdb138965054333ce919bbe98a57052012933cb7f9839e98e7ce8a89739f1d
                          • Instruction ID: fef463f4fee32e5e78009034cb784a076d25dbf25f0d07f9b6da9c817cbf28ec
                          • Opcode Fuzzy Hash: 07fdb138965054333ce919bbe98a57052012933cb7f9839e98e7ce8a89739f1d
                          • Instruction Fuzzy Hash: BD31B231B001098FCB15AF78D55866EBAE6FF89200F518528D416EB399DF74ED05CBA1
                          Function 01888531 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHjq
                          • API String ID: 0-751881793
                          • Opcode ID: dae4a43d41e922fb0c3f20cdf890db2d2e0f074eb09c9e2a2b6796cbcc863262
                          • Instruction ID: 90119e2907cfb994fbdfca7219ec592b8f4bbfefc83e6fceccc6a03730164658
                          • Opcode Fuzzy Hash: dae4a43d41e922fb0c3f20cdf890db2d2e0f074eb09c9e2a2b6796cbcc863262
                          • Instruction Fuzzy Hash: 8531CE31B001058FCB15AF78C5586AEBBE6FF88200F158529E416EB398DF34ED05CB91
                          Function 018887E0 Relevance: .7, Instructions: 676COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4b07322d1a3778025a5b1ae92426f56ce4d56f1f3eb51e9f9d24fb3573e55e8c
                          • Instruction ID: 184dcc3dbda4baf0fb599b343044f1533bf5bc60cc6c6f43fa5b626978c98a74
                          • Opcode Fuzzy Hash: 4b07322d1a3778025a5b1ae92426f56ce4d56f1f3eb51e9f9d24fb3573e55e8c
                          • Instruction Fuzzy Hash: DD523830A00205CFDB65EF68D584A9DBBB2FF46314F948469E409DB366DB35EE81CB41
                          Function 01888050 Relevance: .4, Instructions: 443COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 56ba4b687daead1bac1ba887bc8c48ea6199202f91ffd341429bb0c6d0d9ce59
                          • Instruction ID: bc8d5d1297028a6670aaf58c7e5c179cb6580bb8315fe7ea4a7684a86519fbfb
                          • Opcode Fuzzy Hash: 56ba4b687daead1bac1ba887bc8c48ea6199202f91ffd341429bb0c6d0d9ce59
                          • Instruction Fuzzy Hash: C0F18C307097858FD747973898146A67FF1AF87314F6984EBD548CB2A3EA29DC06C722
                          Function 01888F68 Relevance: .4, Instructions: 379COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 739eecfe131bc0c38ea5d53b1affe3ef6c2894d27438f07ddf2fb88cee1dff1f
                          • Instruction ID: b1f5a85dbf6820376cbab705c756d17a47e5bb409b728e3136ba3d842b3f718d
                          • Opcode Fuzzy Hash: 739eecfe131bc0c38ea5d53b1affe3ef6c2894d27438f07ddf2fb88cee1dff1f
                          • Instruction Fuzzy Hash: 15E12730A00604CFCB29EF68D548AADBBF2FF84319F549569E806EB294DB35ED45CB50
                          Function 01880D70 Relevance: .3, Instructions: 306COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b553597fd0cc1db65ee91008f0f1e8d51a7a0f60fed8f7ce6849c468f936733f
                          • Instruction ID: 25637fb6704e1a3af26bfe07140197a493a14f36d7bb4fc5c8faabcdb3590a06
                          • Opcode Fuzzy Hash: b553597fd0cc1db65ee91008f0f1e8d51a7a0f60fed8f7ce6849c468f936733f
                          • Instruction Fuzzy Hash: 4CD12A75E006058FCB05DFA8C988A9DBBF6BF88310F198459E515EB3A2CB31ED46CB54
                          Function 0188E8A4 Relevance: .3, Instructions: 300COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2b0d8f1f63523f18612419b65ce827bc1b5f69b81e58d30c5e046f7136f68bf8
                          • Instruction ID: 6c3d5953ac80f232df487708dcfb5171f46ed90c7f9f4d70d933eb6405dac809
                          • Opcode Fuzzy Hash: 2b0d8f1f63523f18612419b65ce827bc1b5f69b81e58d30c5e046f7136f68bf8
                          • Instruction Fuzzy Hash: 85B1E831B0020A8BDB15DB69C8947AEBBF2FF85320F588569D516EB392C635ED44C760
                          Function 01887190 Relevance: .3, Instructions: 296COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d5e119306954f269f390c66a5e2930c8ef3b3d5add2a51aa29ef694270c13497
                          • Instruction ID: 198f6490790f11dc72dead76eac60ecf64d206765cc9c32e623773cc476c34ca
                          • Opcode Fuzzy Hash: d5e119306954f269f390c66a5e2930c8ef3b3d5add2a51aa29ef694270c13497
                          • Instruction Fuzzy Hash: 02B17F34B002059FCB15EFB8D998AADBFF6BF88311B248469E406EB365DB319D45CB50
                          Function 0188B38C Relevance: .2, Instructions: 231COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: dff351ace0d6cb78f2e3ecf6a2ad665d0cff94371e26d55ecce6dd1583a06716
                          • Instruction ID: 10a553d447ce88d49ff6c6d280631db22d2248e71aad43c0e9191551a2af06fa
                          • Opcode Fuzzy Hash: dff351ace0d6cb78f2e3ecf6a2ad665d0cff94371e26d55ecce6dd1583a06716
                          • Instruction Fuzzy Hash: 6E81C230B002458FDB11DB68D59479ABBE2AFC5304F28C0AAE409DF396EB75DD45C761
                          Function 0188A348 Relevance: .1, Instructions: 114COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a4a3c3bf1354b0ec886242b34bf7179a41f940172b7b394c4ec7d0dd9f7a8727
                          • Instruction ID: 8c4ac05f62b443f4b631f4ff3886d144ef2cd2f3141dedfee5818aa13f333e94
                          • Opcode Fuzzy Hash: a4a3c3bf1354b0ec886242b34bf7179a41f940172b7b394c4ec7d0dd9f7a8727
                          • Instruction Fuzzy Hash: 0D41EE71F003428FDF16AFB898482AE7BF1AF48340F1480A6D915DB395EB398D018B90
                          Function 01887A99 Relevance: .1, Instructions: 104COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 393f86926f213f552c9593e087906a7fd995a990d0017cc87d926de50aaf7c18
                          • Instruction ID: 7443a3cc8b8e816b2b3c1b58949d2b1ec26388d1aa1ef45a2cf474c11928c20e
                          • Opcode Fuzzy Hash: 393f86926f213f552c9593e087906a7fd995a990d0017cc87d926de50aaf7c18
                          • Instruction Fuzzy Hash: 4F31D531B093458FD7129BB898186AA7BF2DF86311F2540FAE409CB296EB39CD06C751
                          Function 01881610 Relevance: .1, Instructions: 98COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c6df63acb4ad075772d2deea45c67f5e2c756c8f88a35e6dfca4fa0d8037879a
                          • Instruction ID: 1cd428b52188a2bbaf7a9a7e9c83aa61ef5093ca330050b1892053a5dc0f88c8
                          • Opcode Fuzzy Hash: c6df63acb4ad075772d2deea45c67f5e2c756c8f88a35e6dfca4fa0d8037879a
                          • Instruction Fuzzy Hash: 1131E175B002199FCB00DFA8D884AAEBBF8FF49314F14446AE504D7261DB34DA42CB90
                          Function 0188A3A8 Relevance: .1, Instructions: 93COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 746dfe258002d5a918b8093713168acebb1ef72dafcb222ca0759b5784afea98
                          • Instruction ID: bc324e9eb2faec0a7a4fb8e3439a852020e3f5ea2675eb111858db208c387592
                          • Opcode Fuzzy Hash: 746dfe258002d5a918b8093713168acebb1ef72dafcb222ca0759b5784afea98
                          • Instruction Fuzzy Hash: 6A31B131F002168FCF25BFBC99486AE7AE5AF88740F118426D915EB358EE359D018B91
                          Function 018894D0 Relevance: .1, Instructions: 83COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fc7f27d45c852448ea886964bbce0d59c4ae58708439e23a7e3331029306167c
                          • Instruction ID: 7980e1b805f2e7f1f94412a8e7efaef966e71891324b2b85febc715c79de79c9
                          • Opcode Fuzzy Hash: fc7f27d45c852448ea886964bbce0d59c4ae58708439e23a7e3331029306167c
                          • Instruction Fuzzy Hash: EE316D70F042068FCB95EBBCD844AEE77F2EF89310B51847AE509DB255EB349D058B91
                          Function 0188B5B0 Relevance: .1, Instructions: 73COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1b6f5f5b4808f9e4bfd1750e302c5227fabddd5654cb777b80e297bb74c113ab
                          • Instruction ID: 29d3232ba2eb1ccd7f6c380dd629b09b761126a9c0aa041810a1c8156b0a870f
                          • Opcode Fuzzy Hash: 1b6f5f5b4808f9e4bfd1750e302c5227fabddd5654cb777b80e297bb74c113ab
                          • Instruction Fuzzy Hash: 4C219530B001098FDB14EF6DC558BAE76E6BFC9718F208169E502EB3F5DA719E008B51
                          Function 015CD01C Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4508842842.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_15cd000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f32df2b1c19e123ec43a3cfdc13968143bf5c73bd801405e3040c45be24b4487
                          • Instruction ID: 1bc656ca6061d1b2b6b2c0558686f733f6f61c69d09c85d2e87aaae24c41875b
                          • Opcode Fuzzy Hash: f32df2b1c19e123ec43a3cfdc13968143bf5c73bd801405e3040c45be24b4487
                          • Instruction Fuzzy Hash: 3E21F1755042049FCB15DFA8D580B26BBA5FB84714F20C97DD90A9F256D33AD406CAA1
                          Function 0188B689 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fa44d26dd7e7b3135f699b796dbde05a232edd863a1bd93a3b2ace58b0dfb5b2
                          • Instruction ID: 9d4a53972375a8f73445379c12e9aa87c9d7c7fdf0c8f748fbb44980f512ccd8
                          • Opcode Fuzzy Hash: fa44d26dd7e7b3135f699b796dbde05a232edd863a1bd93a3b2ace58b0dfb5b2
                          • Instruction Fuzzy Hash: 4411E63060524A8FDB21EB29C994AAA7FF0EF8A318F2444A6D401DB263C335CA04C761
                          Function 0188B3DF Relevance: .1, Instructions: 64COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: eabf1819e5bb99cc9641b583df23500c961113039cb78a6a7951e9783c81b5f5
                          • Instruction ID: bc491f286f1afd6fda090af11733a0621f0b78ca2f2aefe4ad7550c8059424f2
                          • Opcode Fuzzy Hash: eabf1819e5bb99cc9641b583df23500c961113039cb78a6a7951e9783c81b5f5
                          • Instruction Fuzzy Hash: 56216630B041404ADB25971CA6C435DBFC69BD6308F28C49AD05D8E68AD677CD4E83B3
                          Function 01887B48 Relevance: .1, Instructions: 64COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a54ba6aff15d7789e50b38594dc353ce1039c4e4ab0e8b1b405d7cf72e892835
                          • Instruction ID: 0feb0ae435fd73bc1a1089e691733884d69b50720b6e78639b6f9545330759dc
                          • Opcode Fuzzy Hash: a54ba6aff15d7789e50b38594dc353ce1039c4e4ab0e8b1b405d7cf72e892835
                          • Instruction Fuzzy Hash: BB11B231B001198BCF19ABB8D8186AE77F6EFC8310B054538D906EB358EF39AD058BD1
                          Function 015CD006 Relevance: .1, Instructions: 62COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4508842842.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_15cd000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: add7eb744995bdf7246a2ca5072ebddb1ce3c5bf89f09ee481d630813477eb65
                          • Instruction ID: aee58b0cc280f041c1798507a9ff1a5ed378248b093c5df3640f81c39b93c4bb
                          • Opcode Fuzzy Hash: add7eb744995bdf7246a2ca5072ebddb1ce3c5bf89f09ee481d630813477eb65
                          • Instruction Fuzzy Hash: 7D217F755093808FDB13CF68D594715BF71FB46214F28C5EAD8498F6A7C33A980ACBA2
                          Function 0188B1F9 Relevance: .1, Instructions: 59COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 53f0821ee0ee41d18339eb13385cd2b82565c44686fef280dd1e44138280875a
                          • Instruction ID: bac381baaccca3720a82c7d6d66b89c6df6d22d6689984e029c3580ea1d9bc5c
                          • Opcode Fuzzy Hash: 53f0821ee0ee41d18339eb13385cd2b82565c44686fef280dd1e44138280875a
                          • Instruction Fuzzy Hash: 0C11B230E043468FCB51ABBC94086AE7BF1DF98310F1544BAD819DB356EA388E16CB91
                          Function 01887180 Relevance: .1, Instructions: 58COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fa31d25d79ef2e42f684ef1ab856c2163ec2740499bdc15ac6187d320891eaa3
                          • Instruction ID: 40e0ee2bd27f4243d5e0d7cf256ead8043d79669e0b67c8ecddb70c17638b481
                          • Opcode Fuzzy Hash: fa31d25d79ef2e42f684ef1ab856c2163ec2740499bdc15ac6187d320891eaa3
                          • Instruction Fuzzy Hash: 24214A74A0020A8FCB45DFA8E68469DBBF5FF84320F24852AD504E7215E731AA41CB94
                          Function 01889528 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b881796ff05340e8673686a0a4138170bf3a43ab3ab259b771dc85464ffa8718
                          • Instruction ID: a46a21e94e0d602171230fdf0d8176cd50734f83628f4a2c829b17694fb329e0
                          • Opcode Fuzzy Hash: b881796ff05340e8673686a0a4138170bf3a43ab3ab259b771dc85464ffa8718
                          • Instruction Fuzzy Hash: F511E830F001199F8B51EBBDD8449AE77F6BB89710B508029E509E7314EA34AD058BA1
                          Function 01889408 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 620982029c00769ecc3ffe6212bdcf511bd5901bf85465f366da6a6a1a0ec9a5
                          • Instruction ID: b06098c4b1208c896b812f96360c99688bf72505cf6d51bf9f8db48cceaa9ffe
                          • Opcode Fuzzy Hash: 620982029c00769ecc3ffe6212bdcf511bd5901bf85465f366da6a6a1a0ec9a5
                          • Instruction Fuzzy Hash: 1E11E870F0011A9F8B91EBBDD8449AEB7F6BB89710B508129D509E7314EA34AD058B91
                          Function 01888470 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e1721ec972d9b4eb87e3057006b0e0d8ef96c00fa926762d4722664233405ffd
                          • Instruction ID: 234d0b7dfdcddfb34a3dfb9eac2ba74b0543f04c43fd0565abfe3e3b4fbd1bbb
                          • Opcode Fuzzy Hash: e1721ec972d9b4eb87e3057006b0e0d8ef96c00fa926762d4722664233405ffd
                          • Instruction Fuzzy Hash: 2E110D75B001198FCB55EFACE84859EBBF5FB8C610B108125E909D3314EB34AD05CB90
                          Function 0188A288 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aa22269cae43401539d73fde5ef1a74428d6626568988fcaf34dae19ab597720
                          • Instruction ID: 0c5cb8ed5e35a8a5615375d3f30de0b7e1d715c656139300846b272982eca545
                          • Opcode Fuzzy Hash: aa22269cae43401539d73fde5ef1a74428d6626568988fcaf34dae19ab597720
                          • Instruction Fuzzy Hash: 93111C70F001199F8B55EBBCD84499E77F5AF88720B508129D509E7754EA34AE058B91
                          Function 0188A283 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 23ad0f4a0f2cd3b2e025c7ad79f3147f657fe5d74b367f38e585e0261b6c5975
                          • Instruction ID: 56371de8aefa7b556cc8f53c421c0b67d0e7ddc0acec0464449b80f2ca3e04de
                          • Opcode Fuzzy Hash: 23ad0f4a0f2cd3b2e025c7ad79f3147f657fe5d74b367f38e585e0261b6c5975
                          • Instruction Fuzzy Hash: 61114875F001168FCB54EBBCE8449AE77F2BF88720B508129D409E7318EB349E068B91
                          Function 0188B258 Relevance: .0, Instructions: 33COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9b573e09ef3158ae1a937f720cdbc706ae712b50d21c9d1c81045cf28bd5db56
                          • Instruction ID: 3a223ec09ee6bcb860bec8ae53f605c27129cd0ad693f365bbfc6a03f4b5348b
                          • Opcode Fuzzy Hash: 9b573e09ef3158ae1a937f720cdbc706ae712b50d21c9d1c81045cf28bd5db56
                          • Instruction Fuzzy Hash: 7BF01275F005195F8B90BBBD980869F7AF9DF88650B150475D519D7304EA348E018BD1
                          Function 01886CB9 Relevance: .0, Instructions: 29COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9409994a69142f0a300a1e8a468e64c8dd9dc4f4a0daba243d209e4a1e5e24ec
                          • Instruction ID: 0458934a3dc833fe39edd3fb2ecd974da4caf6ee8ec7400623bd55f98a0420e3
                          • Opcode Fuzzy Hash: 9409994a69142f0a300a1e8a468e64c8dd9dc4f4a0daba243d209e4a1e5e24ec
                          • Instruction Fuzzy Hash: C2F08275D012159F8B80DFB895052AE7BF4AE8832571504BFE919E7600E73446129B90
                          Function 01889587 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1628ae955d75a455ec7900890b5515ba5f3e1716ff0821a44c4ae9766714ef60
                          • Instruction ID: 0ce233a99802215e040a3dd57109ef890681524fbc4d52b767f01179704b2e6f
                          • Opcode Fuzzy Hash: 1628ae955d75a455ec7900890b5515ba5f3e1716ff0821a44c4ae9766714ef60
                          • Instruction Fuzzy Hash: 84E0C935B000198F8F54FBBCD85489DB3A5EFD9220B108035E505E7658EE389D018B61
                          Function 01886CC8 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 06fc3de065946ad4a9c5f351d28bebd7fc6a7dfc67ad1c3c4bd185539d383f17
                          • Instruction ID: 728f5ee44c8741c8d283a269aa579034284a6aefa8466b7a75268fc3975eb344
                          • Opcode Fuzzy Hash: 06fc3de065946ad4a9c5f351d28bebd7fc6a7dfc67ad1c3c4bd185539d383f17
                          • Instruction Fuzzy Hash: 8FE04872E001199F4B50EFBDA8055EF7FFCEA8C251B150476E51DD3300EA705A118BD1
                          Function 018884D1 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4120c80427f71dcb43c46aa6cea50006983de8c05fe2f35d9f702af847cb0483
                          • Instruction ID: e9537c9dbab15fda68778ec8e452b40d99583f579e6039ee16a6164280a31773
                          • Opcode Fuzzy Hash: 4120c80427f71dcb43c46aa6cea50006983de8c05fe2f35d9f702af847cb0483
                          • Instruction Fuzzy Hash: AAE0C939B000198FCF15EBFCE85859CB7F1EFC8221B118065E905E7318EE38AD028B61
                          Function 01889467 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 91adc7b097a066a8e487bafe41b9f411c3f5dd978944aee057d4fded51c5488b
                          • Instruction ID: 7654345694ef1d297d5f8ab29b509ee0ad5ec14a508505ba7c58233591584c5f
                          • Opcode Fuzzy Hash: 91adc7b097a066a8e487bafe41b9f411c3f5dd978944aee057d4fded51c5488b
                          • Instruction Fuzzy Hash: 74E0C935B000298B8F54FBBCD85489DB3E2EFD9620B108024D505E7658EE389D058B91
                          Function 0188A2E7 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000006.00000002.4512736423.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_1880000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d36ad82a438126cef973e85c65148ace2b76b99d1f6c9ed61c9c0a905245d59d
                          • Instruction ID: f4408508c32229eaf2dfdd4132225f1d02b4371a365332fdee441735533345a0
                          • Opcode Fuzzy Hash: d36ad82a438126cef973e85c65148ace2b76b99d1f6c9ed61c9c0a905245d59d
                          • Instruction Fuzzy Hash: 66E0C935B000199B8F55FBBCE85449DB3A1EFD8620B508425D505E7658EE289D028BA1

                          Execution Graph

                          Execution Coverage:11.7%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:289
                          Total number of Limit Nodes:11
                          execution_graph 36269 c398538 36270 c398580 Wow64SetThreadContext 36269->36270 36272 c3985be 36270->36272 36533 c399098 36534 c399223 36533->36534 36535 c3990be 36533->36535 36535->36534 36538 c399318 PostMessageW 36535->36538 36540 c399311 36535->36540 36539 c399384 36538->36539 36539->36535 36541 c399318 PostMessageW 36540->36541 36542 c399384 36541->36542 36542->36535 36543 256aab0 36547 256ab98 36543->36547 36552 256aba8 36543->36552 36544 256aabf 36548 256abb9 36547->36548 36549 256abdc 36547->36549 36548->36549 36550 256ade0 GetModuleHandleW 36548->36550 36549->36544 36551 256ae0d 36550->36551 36551->36544 36553 256abdc 36552->36553 36554 256abb9 36552->36554 36553->36544 36554->36553 36555 256ade0 GetModuleHandleW 36554->36555 36556 256ae0d 36555->36556 36556->36544 36273 4d16d98 36274 4d16dc3 36273->36274 36287 4d167b8 36274->36287 36277 4d167b8 5 API calls 36278 4d16ded 36277->36278 36279 4d167b8 5 API calls 36278->36279 36280 4d16e0f 36279->36280 36281 4d167b8 5 API calls 36280->36281 36282 4d16e31 36281->36282 36291 4d16a80 36282->36291 36285 4d16a80 5 API calls 36286 4d16e74 36285->36286 36288 4d167c3 36287->36288 36295 4d16b50 36288->36295 36290 4d16dcc 36290->36277 36292 4d16a8b 36291->36292 36293 4d16e53 36292->36293 36377 4d1ddb8 36292->36377 36293->36285 36296 4d16b5b 36295->36296 36297 4d18142 36296->36297 36300 2565a50 36296->36300 36305 2567d88 36296->36305 36297->36290 36302 2565a5b 36300->36302 36301 2568089 36301->36297 36302->36301 36310 256cb68 36302->36310 36315 256cb78 36302->36315 36307 2567dc3 36305->36307 36306 2568089 36306->36297 36307->36306 36308 256cb78 5 API calls 36307->36308 36309 256cb68 5 API calls 36307->36309 36308->36306 36309->36306 36311 256cb99 36310->36311 36312 256cbbd 36311->36312 36320 256cd18 36311->36320 36324 256cd28 36311->36324 36312->36301 36316 256cb99 36315->36316 36317 256cbbd 36316->36317 36318 256cd18 5 API calls 36316->36318 36319 256cd28 5 API calls 36316->36319 36317->36301 36318->36317 36319->36317 36322 256cd35 36320->36322 36321 256cd6f 36321->36312 36322->36321 36328 256b8d0 36322->36328 36325 256cd35 36324->36325 36326 256b8d0 5 API calls 36325->36326 36327 256cd6f 36325->36327 36326->36327 36327->36312 36329 256b8d5 36328->36329 36331 256da88 36329->36331 36332 256d0d4 36329->36332 36333 256d0df 36332->36333 36334 2565a50 5 API calls 36333->36334 36336 256daf7 36334->36336 36335 256db31 36335->36331 36338 256f888 36336->36338 36339 256f8b9 36338->36339 36340 256f8c5 36338->36340 36339->36340 36343 4d109c0 36339->36343 36349 4d109b0 36339->36349 36340->36335 36344 4d109eb 36343->36344 36345 4d10a9a 36344->36345 36355 4d118a0 36344->36355 36361 4d118e4 36344->36361 36371 4d11792 36344->36371 36350 4d109eb 36349->36350 36351 4d10a9a 36350->36351 36352 4d118a0 5 API calls 36350->36352 36353 4d11792 5 API calls 36350->36353 36354 4d118e4 5 API calls 36350->36354 36352->36351 36353->36351 36354->36351 36356 4d118af 36355->36356 36358 4d118f0 CreateWindowExW 36356->36358 36359 4d118e4 CreateWindowExW CreateWindowExW CreateWindowExW CallWindowProcW CallWindowProcW 36356->36359 36360 4d11a97 CreateWindowExW CallWindowProcW CallWindowProcW 36356->36360 36357 4d118d5 36357->36345 36358->36357 36359->36357 36360->36357 36362 4d118aa 36361->36362 36362->36361 36363 4d118ac 36362->36363 36364 4d118ef CreateWindowExW 36362->36364 36368 4d118f0 CreateWindowExW 36363->36368 36369 4d118e4 CreateWindowExW CreateWindowExW CallWindowProcW CallWindowProcW 36363->36369 36370 4d11a97 CreateWindowExW CallWindowProcW CallWindowProcW 36363->36370 36367 4d11a12 36364->36367 36365 4d118d5 36365->36345 36368->36365 36369->36365 36370->36365 36372 4d117ba 36371->36372 36374 4d118f0 CreateWindowExW 36372->36374 36375 4d118e4 CreateWindowExW CreateWindowExW CreateWindowExW CallWindowProcW CallWindowProcW 36372->36375 36376 4d11a97 CreateWindowExW CallWindowProcW CallWindowProcW 36372->36376 36373 4d118d5 36373->36345 36374->36373 36375->36373 36376->36373 36378 4d1ddc3 36377->36378 36380 2565a50 5 API calls 36378->36380 36381 2567d88 5 API calls 36378->36381 36379 4d1efbc 36379->36293 36380->36379 36381->36379 36557 c396852 36561 c397b2d 36557->36561 36565 c397b38 36557->36565 36562 c397b38 CreateProcessW 36561->36562 36564 c397ca0 36562->36564 36566 c397bb7 CreateProcessW 36565->36566 36568 c397ca0 36566->36568 36569 c396dd4 36573 c3986c8 36569->36573 36576 c3986c0 36569->36576 36570 c396dee 36574 c39870b VirtualAllocEx 36573->36574 36575 c398742 36574->36575 36575->36570 36577 c3986c8 VirtualAllocEx 36576->36577 36579 c398742 36577->36579 36579->36570 36382 cdd01c 36383 cdd034 36382->36383 36384 cdd08e 36383->36384 36391 4d11b30 36383->36391 36397 4d1280a 36383->36397 36402 4d11aa8 36383->36402 36407 4d11af8 36383->36407 36413 4d12818 36383->36413 36418 4d11a97 36383->36418 36392 4d11ac2 36391->36392 36394 4d11aef 36391->36394 36393 4d11b03 36392->36393 36395 4d12818 2 API calls 36392->36395 36396 4d1280a 2 API calls 36392->36396 36393->36384 36394->36384 36395->36394 36396->36394 36398 4d12818 36397->36398 36399 4d12877 36398->36399 36427 4d12d98 36398->36427 36432 4d12da8 36398->36432 36399->36399 36403 4d11ac2 36402->36403 36405 4d12818 2 API calls 36403->36405 36406 4d1280a 2 API calls 36403->36406 36404 4d11aef 36404->36384 36405->36404 36406->36404 36408 4d11b03 36407->36408 36409 4d11ac2 36407->36409 36408->36384 36411 4d12818 2 API calls 36409->36411 36412 4d1280a 2 API calls 36409->36412 36410 4d11aef 36410->36384 36411->36410 36412->36410 36414 4d12845 36413->36414 36415 4d12877 36414->36415 36416 4d12d98 2 API calls 36414->36416 36417 4d12da8 2 API calls 36414->36417 36415->36415 36416->36415 36417->36415 36419 4d11a9b 36418->36419 36422 4d11a12 36418->36422 36420 4d119ef 36419->36420 36423 4d11aa7 36419->36423 36421 4d119f5 CreateWindowExW 36420->36421 36420->36422 36421->36422 36422->36384 36422->36422 36425 4d12818 2 API calls 36423->36425 36426 4d1280a 2 API calls 36423->36426 36424 4d11aef 36424->36384 36425->36424 36426->36424 36429 4d12dbc 36427->36429 36428 4d12e48 36428->36399 36437 4d12e60 36429->36437 36440 4d12e52 36429->36440 36434 4d12dbc 36432->36434 36433 4d12e48 36433->36399 36435 4d12e60 2 API calls 36434->36435 36436 4d12e52 2 API calls 36434->36436 36435->36433 36436->36433 36439 4d12e71 36437->36439 36444 4d14021 36437->36444 36439->36428 36441 4d12e60 36440->36441 36442 4d14021 2 API calls 36441->36442 36443 4d12e71 36441->36443 36442->36443 36443->36428 36448 4d14050 36444->36448 36452 4d14040 36444->36452 36445 4d1403a 36445->36439 36449 4d14092 36448->36449 36451 4d14099 36448->36451 36450 4d140ea CallWindowProcW 36449->36450 36449->36451 36450->36451 36451->36445 36453 4d14092 36452->36453 36455 4d14099 36452->36455 36454 4d140ea CallWindowProcW 36453->36454 36453->36455 36454->36455 36455->36445 36456 c398928 36457 c398969 ResumeThread 36456->36457 36458 c398996 36457->36458 36459 c39a728 36460 c39a750 36459->36460 36461 c39a746 36459->36461 36463 c39a790 36461->36463 36464 c39a79e 36463->36464 36467 c39a7bd 36463->36467 36468 c39a2fc 36464->36468 36467->36460 36469 c39a908 CloseHandle 36468->36469 36470 c39a7b9 36469->36470 36470->36460 36471 c3973a8 36472 c3973ae 36471->36472 36476 c3985f8 36472->36476 36479 c3985f0 36472->36479 36473 c3973d7 36477 c398643 ReadProcessMemory 36476->36477 36478 c398686 36477->36478 36478->36473 36480 c3985f8 ReadProcessMemory 36479->36480 36482 c398686 36480->36482 36482->36473 36483 c3967e8 36487 c398768 36483->36487 36491 c398770 36483->36491 36484 c39668e 36488 c398770 WriteProcessMemory 36487->36488 36490 c39880c 36488->36490 36490->36484 36492 c3987bb WriteProcessMemory 36491->36492 36494 c39880c 36492->36494 36494->36484 36495 256ce40 36496 256ce86 36495->36496 36500 256d428 36496->36500 36503 256d419 36496->36503 36497 256cf73 36501 256d456 36500->36501 36506 256b930 36500->36506 36501->36497 36504 256b930 DuplicateHandle 36503->36504 36505 256d456 36504->36505 36505->36497 36507 256d490 DuplicateHandle 36506->36507 36508 256d526 36507->36508 36508->36501 36509 c396ae0 36511 c398768 WriteProcessMemory 36509->36511 36512 c398770 WriteProcessMemory 36509->36512 36510 c396b04 36511->36510 36512->36510 36580 6b378c8 36581 6b37853 36580->36581 36582 6b378a0 36581->36582 36591 c39043b 36581->36591 36595 c391b76 36581->36595 36599 c392144 36581->36599 36605 c3903d2 36581->36605 36609 c39210e 36581->36609 36613 c39072f 36581->36613 36617 c39218f 36581->36617 36621 c39078c 36581->36621 36625 c392838 36591->36625 36628 c392840 36591->36628 36592 c39044c 36597 c392838 VirtualProtect 36595->36597 36598 c392840 VirtualProtect 36595->36598 36596 c391b87 36597->36596 36598->36596 36600 c39210e 36599->36600 36601 c392147 36599->36601 36603 c392838 VirtualProtect 36600->36603 36604 c392840 VirtualProtect 36600->36604 36602 c39211f 36603->36602 36604->36602 36607 c392838 VirtualProtect 36605->36607 36608 c392840 VirtualProtect 36605->36608 36606 c3903e6 36606->36582 36607->36606 36608->36606 36611 c392838 VirtualProtect 36609->36611 36612 c392840 VirtualProtect 36609->36612 36610 c39211f 36611->36610 36612->36610 36615 c392838 VirtualProtect 36613->36615 36616 c392840 VirtualProtect 36613->36616 36614 c390743 36615->36614 36616->36614 36619 c392838 VirtualProtect 36617->36619 36620 c392840 VirtualProtect 36617->36620 36618 c3921a0 36619->36618 36620->36618 36623 c392838 VirtualProtect 36621->36623 36624 c392840 VirtualProtect 36621->36624 36622 c39079d 36623->36622 36624->36622 36626 c392888 VirtualProtect 36625->36626 36627 c3928c2 36626->36627 36627->36592 36629 c392888 VirtualProtect 36628->36629 36630 c3928c2 36629->36630 36630->36592 36513 2566c08 36515 2566c16 36513->36515 36516 2565944 36513->36516 36517 256594f 36516->36517 36520 25659f0 36517->36520 36519 2566ced 36519->36515 36521 25659fb 36520->36521 36524 2565a20 36521->36524 36523 2566dc2 36523->36519 36525 2565a2b 36524->36525 36526 2565a50 5 API calls 36525->36526 36527 2566ec5 36526->36527 36527->36523 36528 c3974e7 36529 c3974f0 36528->36529 36531 c398768 WriteProcessMemory 36529->36531 36532 c398770 WriteProcessMemory 36529->36532 36530 c39751c 36531->36530 36532->36530

                          Executed Functions

                          Function 06B33748 Relevance: 7.1, Strings: 5, Instructions: 850COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: (ojq$(ojq$,nq$,nq$Hnq
                          • API String ID: 0-177556883
                          • Opcode ID: 7c2004bb5216f52b44f33f9da340f8e421d89ebe64b6b0f54dc2be16785ec15d
                          • Instruction ID: 6845e25aed8042d7018607b7f3bcbec185869ea47d2b645b5f26fde10badba7e
                          • Opcode Fuzzy Hash: 7c2004bb5216f52b44f33f9da340f8e421d89ebe64b6b0f54dc2be16785ec15d
                          • Instruction Fuzzy Hash: 7C628FB5B006659FCB54DF68D984A6E7BF2FF88310B1581A9E816DB361DB30EC41CB90
                          Function 06B376C0 Relevance: 5.4, Strings: 4, Instructions: 362COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1552 6b376c0-6b376d4 1553 6b376d6-6b376dc 1552->1553 1554 6b376ec-6b376f4 1552->1554 1555 6b376e0-6b376ea 1553->1555 1556 6b376de 1553->1556 1557 6b378a0-6b378a2 1554->1557 1558 6b376fa-6b376fc 1554->1558 1555->1554 1556->1554 1559 6b378a4-6b378a9 1557->1559 1560 6b378ac-6b378b3 1557->1560 1558->1557 1561 6b37702-6b37706 1558->1561 1559->1560 1563 6b377f0-6b377f8 1561->1563 1564 6b3770c-6b37714 1561->1564 1563->1557 1565 6b377fe-6b37802 1563->1565 1564->1557 1566 6b3771a-6b3771e 1564->1566 1567 6b37804-6b37813 1565->1567 1568 6b3783c-6b3784b 1565->1568 1569 6b37720-6b3772f 1566->1569 1570 6b3775b-6b3776e 1566->1570 1567->1557 1576 6b37819-6b3781c 1567->1576 1568->1557 1577 6b3784d-6b37850 1568->1577 1569->1557 1578 6b37735-6b37738 1569->1578 1570->1557 1575 6b37774 1570->1575 1579 6b37777-6b3777d 1575->1579 1580 6b3781f-6b37822 1576->1580 1581 6b37853-6b3785c 1577->1581 1582 6b3773b-6b3773e 1578->1582 1584 6b378bb-6b378ea 1579->1584 1585 6b37783-6b37789 1579->1585 1580->1584 1586 6b37828-6b37830 1580->1586 1581->1584 1587 6b3785e-6b37863 1581->1587 1583 6b37744-6b3774c 1582->1583 1582->1584 1588 6b37752-6b37754 1583->1588 1589 6b378b6 1583->1589 1604 6b378f3-6b378ff 1584->1604 1605 6b378ec-6b378ee 1584->1605 1590 6b3778b-6b3779b 1585->1590 1591 6b377dd-6b377e0 1585->1591 1586->1589 1592 6b37836-6b37838 1586->1592 1593 6b37897-6b3789a 1587->1593 1594 6b37865-6b3786b 1587->1594 1588->1582 1596 6b37756 1588->1596 1589->1584 1590->1591 1608 6b3779d-6b377a9 1590->1608 1591->1589 1599 6b377e6-6b377e9 1591->1599 1592->1580 1598 6b3783a 1592->1598 1593->1589 1597 6b3789c-6b3789e 1593->1597 1594->1584 1595 6b3786d-6b37875 1594->1595 1595->1584 1601 6b37877-6b3787d 1595->1601 1596->1557 1597->1557 1597->1581 1598->1557 1599->1579 1603 6b377eb 1599->1603 1601->1593 1607 6b3787f-6b3788a 1601->1607 1603->1557 1612 6b37901-6b37903 1604->1612 1613 6b37908-6b3791d 1604->1613 1606 6b379c6-6b379cb 1605->1606 1607->1584 1610 6b3788c-6b37890 1607->1610 1608->1584 1611 6b377af-6b377b7 1608->1611 1610->1593 1611->1584 1614 6b377bd-6b377cc 1611->1614 1612->1606 1618 6b37931-6b3793d 1613->1618 1619 6b3791f-6b3792a 1613->1619 1614->1584 1615 6b377d2-6b377d6 1614->1615 1615->1591 1622 6b3794a-6b3794c 1618->1622 1623 6b3793f-6b37948 1618->1623 1619->1618 1624 6b3794e-6b3795a 1622->1624 1625 6b3795c-6b37960 1622->1625 1623->1622 1624->1625 1630 6b37972-6b3797c 1624->1630 1627 6b37962-6b3796c 1625->1627 1628 6b3796e-6b37970 1625->1628 1632 6b379d8-6b379e4 1627->1632 1628->1606 1635 6b3797e-6b3798a 1630->1635 1636 6b379cc-6b379d6 1630->1636 1637 6b379f1-6b379f3 1632->1637 1638 6b379e6-6b379ef 1632->1638 1641 6b3799c-6b3799e 1635->1641 1642 6b3798c-6b3799a 1635->1642 1636->1632 1637->1606 1638->1606 1641->1606 1642->1641 1645 6b379a0-6b379a6 1642->1645 1646 6b379aa 1645->1646 1647 6b379a8 1645->1647 1648 6b379ac-6b379ae 1646->1648 1647->1648 1649 6b379b0-6b379bc 1648->1649 1650 6b379f5-6b37a25 1648->1650 1649->1650 1653 6b379be 1649->1653 1657 6b37a27-6b37a71 1650->1657 1653->1606 1664 6b37a73-6b37a96 call 6b3839c 1657->1664 1665 6b37a9c 1664->1665 1666 6b37aa3-6b37abf 1665->1666 1668 6b37ac1 1666->1668 1669 6b37ac8-6b37ac9 1666->1669 1668->1665 1668->1669 1670 6b37ae5 1668->1670 1671 6b37acb-6b37ae3 1668->1671 1669->1670 1674 6b37ae5 call c39043b 1670->1674 1675 6b37ae5 call c39078c 1670->1675 1676 6b37ae5 call c39218f 1670->1676 1677 6b37ae5 call c39072f 1670->1677 1678 6b37ae5 call c39210e 1670->1678 1679 6b37ae5 call c3903d2 1670->1679 1680 6b37ae5 call c390225 1670->1680 1681 6b37ae5 call c392144 1670->1681 1682 6b37ae5 call c391b76 1670->1682 1671->1666 1673 6b37aeb-6b37aef 1674->1673 1675->1673 1676->1673 1677->1673 1678->1673 1679->1673 1680->1673 1681->1673 1682->1673
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq$4'jq$4'jq$$jq
                          • API String ID: 0-3079517566
                          • Opcode ID: 5b53d66a73b7641d8ee6528a0ea97b11534b668ac5e4ef828e1defd32171f3a3
                          • Instruction ID: 5546aee84fe66da25af024b4d1aa311a2a9c92d6dadaace50f2f3eabca899de4
                          • Opcode Fuzzy Hash: 5b53d66a73b7641d8ee6528a0ea97b11534b668ac5e4ef828e1defd32171f3a3
                          • Instruction Fuzzy Hash: 76D1D4F0B002218FDB99CF79C484A2A7BA2BF85300B1585F9D4559B362DF30DC42CBA9
                          Function 06B3AB38 Relevance: 2.8, Strings: 2, Instructions: 284COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1752 6b3ab38-6b3ab5d 1753 6b3ab64-6b3ab81 1752->1753 1754 6b3ab5f 1752->1754 1755 6b3ab89 1753->1755 1754->1753 1756 6b3ab90-6b3abac 1755->1756 1757 6b3abb5-6b3abb6 1756->1757 1758 6b3abae 1756->1758 1768 6b3af1f-6b3af32 1757->1768 1758->1755 1758->1757 1759 6b3aef3-6b3af00 1758->1759 1760 6b3ae51-6b3ae69 1758->1760 1761 6b3aed7-6b3aeee 1758->1761 1762 6b3ac37-6b3ac43 1758->1762 1763 6b3adb4-6b3adbd 1758->1763 1764 6b3acdb-6b3ace7 1758->1764 1765 6b3abbb-6b3abbf 1758->1765 1766 6b3ac7b-6b3ac7f 1758->1766 1767 6b3ae1a-6b3ae26 1758->1767 1758->1768 1769 6b3ac61-6b3ac76 1758->1769 1770 6b3ac01-6b3ac1a call 6b3b140 1758->1770 1771 6b3ad60-6b3ad6c 1758->1771 1772 6b3ae00-6b3ae15 1758->1772 1773 6b3af05-6b3af1a 1758->1773 1774 6b3aea4-6b3aed2 1758->1774 1775 6b3acab-6b3acaf 1758->1775 1776 6b3ad8a-6b3adaf 1758->1776 1777 6b3ade9-6b3adfb 1758->1777 1778 6b3abe8-6b3abff 1758->1778 1779 6b3ad2c-6b3ad38 1758->1779 1759->1756 1794 6b3ae70-6b3ae86 1760->1794 1795 6b3ae6b 1760->1795 1761->1756 1780 6b3ac45 1762->1780 1781 6b3ac4a-6b3ac5c 1762->1781 1786 6b3add0-6b3add7 1763->1786 1787 6b3adbf-6b3adce 1763->1787 1790 6b3ace9 1764->1790 1791 6b3acee-6b3ad04 1764->1791 1796 6b3abd2-6b3abd9 1765->1796 1797 6b3abc1-6b3abd0 1765->1797 1784 6b3ac92-6b3ac99 1766->1784 1785 6b3ac81-6b3ac90 1766->1785 1792 6b3ae28 1767->1792 1793 6b3ae2d-6b3ae4c 1767->1793 1769->1756 1807 6b3ac20-6b3ac32 1770->1807 1782 6b3ad73-6b3ad85 1771->1782 1783 6b3ad6e 1771->1783 1772->1756 1773->1756 1774->1756 1788 6b3acc2-6b3acc9 1775->1788 1789 6b3acb1-6b3acc0 1775->1789 1776->1756 1777->1756 1778->1756 1798 6b3ad3a 1779->1798 1799 6b3ad3f-6b3ad5b 1779->1799 1780->1781 1781->1756 1782->1756 1783->1782 1802 6b3aca0-6b3aca6 1784->1802 1785->1802 1804 6b3adde-6b3ade4 1786->1804 1787->1804 1805 6b3acd0-6b3acd6 1788->1805 1789->1805 1790->1791 1815 6b3ad06 1791->1815 1816 6b3ad0b-6b3ad27 1791->1816 1792->1793 1793->1756 1817 6b3ae88 1794->1817 1818 6b3ae8d-6b3ae9f 1794->1818 1795->1794 1806 6b3abe0-6b3abe6 1796->1806 1797->1806 1798->1799 1799->1756 1802->1756 1804->1756 1805->1756 1806->1756 1807->1756 1815->1816 1816->1756 1817->1818 1818->1756
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Y^a$Y^a
                          • API String ID: 0-3108335248
                          • Opcode ID: 71c575ef0ba8c9db850864681e76df44217e5d6df291f11106135787d7f5b051
                          • Instruction ID: 44a77ea105da137cea0c8ac0a0b8d2e5a957cf575a607c170bd4c930a0d11a6e
                          • Opcode Fuzzy Hash: 71c575ef0ba8c9db850864681e76df44217e5d6df291f11106135787d7f5b051
                          • Instruction Fuzzy Hash: DCC136B4E1421ADFDB44CF99C4818AEFBB2FF88301B20D599D456AB315D734AA42CF90
                          Function 06B38672 Relevance: 2.7, Strings: 2, Instructions: 204COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1928 6b38672-6b386db 1930 6b386e2-6b3873c 1928->1930 1931 6b386dd 1928->1931 1934 6b3873f 1930->1934 1931->1930 1935 6b38746-6b38762 1934->1935 1936 6b38764 1935->1936 1937 6b3876b-6b3876c 1935->1937 1936->1934 1936->1937 1938 6b38811-6b38826 1936->1938 1939 6b38771-6b3878d 1936->1939 1940 6b38874-6b388ba 1936->1940 1941 6b3882b-6b38847 1936->1941 1942 6b387fa-6b3880c 1936->1942 1943 6b387ca-6b387ce 1936->1943 1944 6b388bf-6b3892f 1936->1944 1945 6b3878f-6b387c5 1936->1945 1937->1944 1938->1935 1939->1935 1940->1935 1961 6b38849 call 6b38e32 1941->1961 1962 6b38849 call 6b38e40 1941->1962 1942->1935 1946 6b387e1-6b387e8 1943->1946 1947 6b387d0-6b387df 1943->1947 1963 6b38931 call 6b3a9b3 1944->1963 1964 6b38931 call 6b39c30 1944->1964 1965 6b38931 call 6b39c40 1944->1965 1966 6b38931 call 6b39b90 1944->1966 1967 6b38931 call 6b3a947 1944->1967 1968 6b38931 call 6b3a355 1944->1968 1969 6b38931 call 6b39f64 1944->1969 1970 6b38931 call 6b39e2b 1944->1970 1971 6b38931 call 6b3a3e9 1944->1971 1945->1935 1951 6b387ef-6b387f5 1946->1951 1947->1951 1951->1935 1954 6b3884f-6b3886f 1954->1935 1960 6b38937-6b38941 1961->1954 1962->1954 1963->1960 1964->1960 1965->1960 1966->1960 1967->1960 1968->1960 1969->1960 1970->1960 1971->1960
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tejq$Tejq
                          • API String ID: 0-942063033
                          • Opcode ID: d9b55e5b1d53f1199791c2a7287bb0e26017b5ecd7f9ff4a579302918b1e348b
                          • Instruction ID: 9f7382ad07d94d478a74b5b25b545659ced71d1fa5ebe5f2abcc3a699bb48134
                          • Opcode Fuzzy Hash: d9b55e5b1d53f1199791c2a7287bb0e26017b5ecd7f9ff4a579302918b1e348b
                          • Instruction Fuzzy Hash: 7691F4B4E042198FDB48CFA9C984A9DFBB2BF89300F24806AE419BB355DB345906CF55
                          Function 06B386B8 Relevance: 2.7, Strings: 2, Instructions: 195COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1972 6b386b8-6b386db 1974 6b386e2-6b3873c 1972->1974 1975 6b386dd 1972->1975 1978 6b3873f 1974->1978 1975->1974 1979 6b38746-6b38762 1978->1979 1980 6b38764 1979->1980 1981 6b3876b-6b3876c 1979->1981 1980->1978 1980->1981 1982 6b38811-6b38826 1980->1982 1983 6b38771-6b3878d 1980->1983 1984 6b38874-6b388ba 1980->1984 1985 6b3882b-6b38847 1980->1985 1986 6b387fa-6b3880c 1980->1986 1987 6b387ca-6b387ce 1980->1987 1988 6b388bf-6b3892f 1980->1988 1989 6b3878f-6b387c5 1980->1989 1981->1988 1982->1979 1983->1979 1984->1979 2014 6b38849 call 6b38e32 1985->2014 2015 6b38849 call 6b38e40 1985->2015 1986->1979 1990 6b387e1-6b387e8 1987->1990 1991 6b387d0-6b387df 1987->1991 2005 6b38931 call 6b3a9b3 1988->2005 2006 6b38931 call 6b39c30 1988->2006 2007 6b38931 call 6b39c40 1988->2007 2008 6b38931 call 6b39b90 1988->2008 2009 6b38931 call 6b3a947 1988->2009 2010 6b38931 call 6b3a355 1988->2010 2011 6b38931 call 6b39f64 1988->2011 2012 6b38931 call 6b39e2b 1988->2012 2013 6b38931 call 6b3a3e9 1988->2013 1989->1979 1995 6b387ef-6b387f5 1990->1995 1991->1995 1995->1979 1998 6b3884f-6b3886f 1998->1979 2004 6b38937-6b38941 2005->2004 2006->2004 2007->2004 2008->2004 2009->2004 2010->2004 2011->2004 2012->2004 2013->2004 2014->1998 2015->1998
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tejq$Tejq
                          • API String ID: 0-942063033
                          • Opcode ID: 6cc3c424f904974e2b02f37940c1e5e37fb7e1a2f5ada53cf07925e6e25f2f68
                          • Instruction ID: 22773871233e642065c344b1ce3b67ebea5adbfdf01cc4a4c5b35e0319fb10ea
                          • Opcode Fuzzy Hash: 6cc3c424f904974e2b02f37940c1e5e37fb7e1a2f5ada53cf07925e6e25f2f68
                          • Instruction Fuzzy Hash: 3F81B3B4E002198FDB48CFA9C985A9EFBB2BF89300F24942AE519BB354DB345905CF55
                          Function 06B3863E Relevance: 2.7, Strings: 2, Instructions: 189COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 2016 6b3863e-6b386db 2018 6b386e2-6b3873c 2016->2018 2019 6b386dd 2016->2019 2022 6b3873f 2018->2022 2019->2018 2023 6b38746-6b38762 2022->2023 2024 6b38764 2023->2024 2025 6b3876b-6b3876c 2023->2025 2024->2022 2024->2025 2026 6b38811-6b38826 2024->2026 2027 6b38771-6b3878d 2024->2027 2028 6b38874-6b388ba 2024->2028 2029 6b3882b-6b38847 2024->2029 2030 6b387fa-6b3880c 2024->2030 2031 6b387ca-6b387ce 2024->2031 2032 6b388bf-6b3892f 2024->2032 2033 6b3878f-6b387c5 2024->2033 2025->2032 2026->2023 2027->2023 2028->2023 2058 6b38849 call 6b38e32 2029->2058 2059 6b38849 call 6b38e40 2029->2059 2030->2023 2034 6b387e1-6b387e8 2031->2034 2035 6b387d0-6b387df 2031->2035 2049 6b38931 call 6b3a9b3 2032->2049 2050 6b38931 call 6b39c30 2032->2050 2051 6b38931 call 6b39c40 2032->2051 2052 6b38931 call 6b39b90 2032->2052 2053 6b38931 call 6b3a947 2032->2053 2054 6b38931 call 6b3a355 2032->2054 2055 6b38931 call 6b39f64 2032->2055 2056 6b38931 call 6b39e2b 2032->2056 2057 6b38931 call 6b3a3e9 2032->2057 2033->2023 2039 6b387ef-6b387f5 2034->2039 2035->2039 2039->2023 2042 6b3884f-6b3886f 2042->2023 2048 6b38937-6b38941 2049->2048 2050->2048 2051->2048 2052->2048 2053->2048 2054->2048 2055->2048 2056->2048 2057->2048 2058->2042 2059->2042
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tejq$Tejq
                          • API String ID: 0-942063033
                          • Opcode ID: 62e999f2862c4a37ed786dec4f8689b556d927cce21274d123122a05936914b8
                          • Instruction ID: ae8566e19d10255e98aef12c8ea34870a0a88a0044b455e3a737c31773eeceb5
                          • Opcode Fuzzy Hash: 62e999f2862c4a37ed786dec4f8689b556d927cce21274d123122a05936914b8
                          • Instruction Fuzzy Hash: 5481A4B4E00219CFDB48CFA9C985A9DFBB2BF89300F24942AE419BB354DB345906CF55
                          Function 06B38E40 Relevance: .1, Instructions: 137COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 243eeb9adb26975b9453df98ce292e04c743b1db2ed8dfb7b1249633c2805ecb
                          • Instruction ID: 5245d868eb1152431fc6ef11424d665518819230944c5f93a55fd4d9d0ce7d6d
                          • Opcode Fuzzy Hash: 243eeb9adb26975b9453df98ce292e04c743b1db2ed8dfb7b1249633c2805ecb
                          • Instruction Fuzzy Hash: 8A5107B0E142298FDB48CFA9C5405AEFBF2FF89300F14D46AE419B7250D7389A41CBA5
                          Function 06B38E32 Relevance: .1, Instructions: 135COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: dd2d0688133c4513a41443329a177b16be71aa1271ce391994a3cf59611edcbd
                          • Instruction ID: dfa73b40098e8d97f72cb3159d234c2f8fb37b199a3ac2c4cee0a1239e54fc10
                          • Opcode Fuzzy Hash: dd2d0688133c4513a41443329a177b16be71aa1271ce391994a3cf59611edcbd
                          • Instruction Fuzzy Hash: D5513CB0E142298FDB48CFA9C5406AEFBF3FF89300F14C56AE419A7251D7389A41CB65
                          Function 06B39B90 Relevance: .1, Instructions: 109COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1304e96369bb083a926667c760b0d5b1da51b9056743aa447c91f08ebc4b421c
                          • Instruction ID: 1d7390d95bcdf67665c966ea43236864452ed9246e038aee914ecdeafaff3a0e
                          • Opcode Fuzzy Hash: 1304e96369bb083a926667c760b0d5b1da51b9056743aa447c91f08ebc4b421c
                          • Instruction Fuzzy Hash: 3C41E6B1D093A44FD70ADF7AD8606DDBFB6AFC6300F18C1ABC0849B266EA744944CB55
                          Function 06B37B00 Relevance: .1, Instructions: 104COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9ab4f7cecd4fc1dbadc2913b987349e94dcb52a39908e6e38096e860e8121251
                          • Instruction ID: 00990bb7cc52c083175f79b7866d72ea9d083f91afdf0b02224313f19e12b712
                          • Opcode Fuzzy Hash: 9ab4f7cecd4fc1dbadc2913b987349e94dcb52a39908e6e38096e860e8121251
                          • Instruction Fuzzy Hash: 78410AB1E00658CFEB58CFAAD94069EBBB3ABC9300F14C0BAD548AB255DB345A418F55
                          Function 06B39C40 Relevance: .1, Instructions: 64COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d2d6a0745f1d4967afa4578cf45e649a807822dcb92fde4679cc97eb11e90425
                          • Instruction ID: 6dc5922c9f77c954a182afb142ed083ba6d22ecab4e39e10073a7f6fc40235f4
                          • Opcode Fuzzy Hash: d2d6a0745f1d4967afa4578cf45e649a807822dcb92fde4679cc97eb11e90425
                          • Instruction Fuzzy Hash: D921E5B1E006188BEB58CFABD9406DEFBF7EFC9310F14C16AD409A6218EA741A55CF50
                          Function 06B39C30 Relevance: .1, Instructions: 58COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c68c6424d91f03d1bf4c8420c765bd8c81f19ee9a64cf7a18c4caa0f6157169c
                          • Instruction ID: e083981250a756f413dea264c48726e256ab5a825b89a44f6b78d5d247cd4d5c
                          • Opcode Fuzzy Hash: c68c6424d91f03d1bf4c8420c765bd8c81f19ee9a64cf7a18c4caa0f6157169c
                          • Instruction Fuzzy Hash: C32129B1E006189BDB18CFABC84469EFBF7AFC9300F14C06AD409AA258EB745945CF51
                          Function 06B32510 Relevance: 7.6, Strings: 6, Instructions: 107COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1228 6b32510-6b32537 1229 6b32568-6b3256d 1228->1229 1230 6b32539-6b3253c 1229->1230 1231 6b32545-6b32559 1230->1231 1232 6b3253e 1230->1232 1242 6b32665-6b32675 1231->1242 1248 6b3255f-6b32566 1231->1248 1232->1229 1232->1231 1233 6b325c1-6b325d9 1232->1233 1234 6b32604-6b3260d 1232->1234 1235 6b32644-6b32658 1232->1235 1236 6b3265b-6b32660 1232->1236 1237 6b32599-6b3259b 1232->1237 1238 6b3256f-6b3257d 1232->1238 1239 6b3259e-6b325a5 1232->1239 1240 6b325ee-6b325ff 1232->1240 1233->1242 1256 6b325df-6b325e9 1233->1256 1234->1242 1243 6b3260f-6b3261c 1234->1243 1236->1230 1237->1239 1244 6b32592-6b32597 1238->1244 1245 6b3257f-6b32586 1238->1245 1239->1242 1246 6b325ab-6b325b4 1239->1246 1240->1230 1243->1242 1249 6b3261e-6b32628 1243->1249 1251 6b32590 1244->1251 1245->1242 1250 6b3258c 1245->1250 1252 6b325b6 1246->1252 1253 6b325b9-6b325bc 1246->1253 1248->1230 1257 6b3262a-6b3262e 1249->1257 1258 6b3262f-6b32631 1249->1258 1250->1251 1251->1230 1252->1253 1253->1230 1256->1230 1257->1258 1259 6b32633 1258->1259 1260 6b3263d-6b32642 1258->1260 1261 6b32638 1259->1261 1260->1261 1261->1230
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tejq$Tejq$Tejq$Tejq$Tejq$Tejq
                          • API String ID: 0-3906027405
                          • Opcode ID: a3e9b4964693819557519b3fe53a81c3f3af3def535fe2a9f42695dc291a844d
                          • Instruction ID: dca5b38a59586399e2703ff04febcdb574d7a83f9010446736615aded7c5818e
                          • Opcode Fuzzy Hash: a3e9b4964693819557519b3fe53a81c3f3af3def535fe2a9f42695dc291a844d
                          • Instruction Fuzzy Hash: 4041CFF1B04235CFD7408F6AE9616AABBB0FF09300F4591A6E665C7296D334DB00CB91
                          Function 06B327D8 Relevance: 5.2, Strings: 4, Instructions: 186COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1684 6b327d8-6b32806 1685 6b32834-6b3284d 1684->1685 1687 6b32808-6b3280b 1685->1687 1688 6b32814-6b32832 1687->1688 1689 6b3280d 1687->1689 1688->1687 1689->1685 1689->1688 1690 6b32972-6b3297e 1689->1690 1691 6b32ad0 1689->1691 1692 6b32935 1689->1692 1693 6b32ab4-6b32ace 1689->1693 1694 6b328da-6b328df 1689->1694 1695 6b32a7a-6b32aab 1689->1695 1696 6b328e1-6b32932 call 6b31134 1689->1696 1697 6b32981-6b32986 1689->1697 1698 6b32946-6b32970 1689->1698 1699 6b32864-6b3287d 1689->1699 1700 6b329e4-6b329fe 1689->1700 1701 6b32a4a 1689->1701 1702 6b32988-6b329df 1689->1702 1703 6b3284f-6b32863 1689->1703 1704 6b32a0f-6b32a25 1689->1704 1705 6b3288e-6b328d1 1689->1705 1706 6b32a2e-6b32a48 1689->1706 1690->1697 1721 6b32ad1 1691->1721 1708 6b3293a-6b3293d 1692->1708 1728 6b32a6e-6b32a71 1693->1728 1710 6b32882-6b32885 1694->1710 1695->1728 1696->1692 1697->1708 1698->1708 1699->1710 1722 6b32a03-6b32a06 1700->1722 1701->1728 1702->1708 1704->1722 1705->1694 1706->1722 1708->1698 1727 6b3293f 1708->1727 1710->1705 1717 6b32887 1710->1717 1717->1690 1717->1691 1717->1692 1717->1693 1717->1694 1717->1695 1717->1696 1717->1697 1717->1698 1717->1700 1717->1701 1717->1702 1717->1704 1717->1705 1717->1706 1721->1721 1722->1704 1733 6b32a08 1722->1733 1727->1690 1727->1691 1727->1693 1727->1695 1727->1697 1727->1698 1727->1700 1727->1701 1727->1702 1727->1704 1727->1706 1728->1695 1735 6b32a73 1728->1735 1733->1691 1733->1693 1733->1695 1733->1701 1733->1704 1733->1706 1735->1691 1735->1693 1735->1695
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tejq$Tejq$Tejq$Tejq
                          • API String ID: 0-340682006
                          • Opcode ID: ab072b8f5212cc0d23818961587248e3ae9c44f28ca1265829e4ac15e3f6373d
                          • Instruction ID: 3a0064c900e1eb9b22722bfdf40df66d0bd5dd89d83401366ec56479c9a96ffd
                          • Opcode Fuzzy Hash: ab072b8f5212cc0d23818961587248e3ae9c44f28ca1265829e4ac15e3f6373d
                          • Instruction Fuzzy Hash: D861D6B0F40124DFEB549F69D95576E77B2FF84310F2084AAE542AB3C4CA709E41CB91
                          Function 0256ABA8 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0256ADFE
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424549338.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_2560000_kmk.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: a541e0609a5935d113c8d01839905b8779963ba8af4bb70cae41da1f90b6d92a
                          • Instruction ID: 71bc7d4ae7dfabccc2b65bfb1f7eecccabe4be339f3ada2c86ecda5711a55bb6
                          • Opcode Fuzzy Hash: a541e0609a5935d113c8d01839905b8779963ba8af4bb70cae41da1f90b6d92a
                          • Instruction Fuzzy Hash: 4B714670A00B458FDB24DF69D14476ABBF6FF88304F00892DE48AD7A50DB35E849CB94
                          Function 0C397B2D Relevance: 1.6, APIs: 1, Instructions: 148processCOMMON
                          Download Yara Rule
                          APIs
                          • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0C397C8B
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: cb95f7b81098115427ebfac520e0b64d47ad95994d6aff872f001f92249af923
                          • Instruction ID: 45f9f0d60de4a532f1129d46b084523a329302356129bba9fafa2534036496cf
                          • Opcode Fuzzy Hash: cb95f7b81098115427ebfac520e0b64d47ad95994d6aff872f001f92249af923
                          • Instruction Fuzzy Hash: FB512671911319DFDF64DF99C840BDDBBB6BF49300F11809AE808A7260DB759A89CFA1
                          Function 0C397B38 Relevance: 1.6, APIs: 1, Instructions: 143processCOMMON
                          Download Yara Rule
                          APIs
                          • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 0C397C8B
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: cc30cb2f0d444088bd166e6457b8fe8dac7aa2262d6e33249fc64bc4adf88ed2
                          • Instruction ID: abadb1d91320da6cecc08d831b74674597d4a02fc0e47451691ac6561b20b15f
                          • Opcode Fuzzy Hash: cc30cb2f0d444088bd166e6457b8fe8dac7aa2262d6e33249fc64bc4adf88ed2
                          • Instruction Fuzzy Hash: C7511571911319DFDF64DF99C880BDDBBB6BF49300F10809AE808A7260DB759A89CF61
                          Function 04D118E4 Relevance: 1.6, APIs: 1, Instructions: 138COMMON
                          Download Yara Rule
                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D11A02
                          Memory Dump Source
                          • Source File: 00000007.00000002.2433493594.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_4d10000_kmk.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0
                          • Opcode ID: f5ff8c979dc6a1dd8d67174f130333d9063cd72a28d1aece9bb7a3876fb6d3cc
                          • Instruction ID: 996a6cf7dea758c3b929074fee3c50d6179bd035ba11fe5f94744ac5b0411382
                          • Opcode Fuzzy Hash: f5ff8c979dc6a1dd8d67174f130333d9063cd72a28d1aece9bb7a3876fb6d3cc
                          • Instruction Fuzzy Hash: 1B5101B1C00249AFDF15CF99D880ADDBFB2FF48310F14816AE918AB221D775A945CF90
                          Function 04D118F0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                          Download Yara Rule
                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D11A02
                          Memory Dump Source
                          • Source File: 00000007.00000002.2433493594.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_4d10000_kmk.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0
                          • Opcode ID: d8bb060db3aa8da22140d6230cae7a70ee89ea6b4a0cefa216b81a0bc4e819e1
                          • Instruction ID: 5ec6138cfae3bbf807f3f0f63a71df182e709bda498f170d79888db28e954dbf
                          • Opcode Fuzzy Hash: d8bb060db3aa8da22140d6230cae7a70ee89ea6b4a0cefa216b81a0bc4e819e1
                          • Instruction Fuzzy Hash: AC41C3B1D00349AFDB14CF99D984ADEBFB5BF48310F24822AE918AB210D774A945CF91
                          Function 04D14050 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                          Download Yara Rule
                          APIs
                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 04D14111
                          Memory Dump Source
                          • Source File: 00000007.00000002.2433493594.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_4d10000_kmk.jbxd
                          Similarity
                          • API ID: CallProcWindow
                          • String ID:
                          • API String ID: 2714655100-0
                          • Opcode ID: e360fb95b54bc2d5f3261b5531aef7b548ee42c7b5034688cb4015112a0c1ae6
                          • Instruction ID: dc18dba24eeddde34de7831eb5d7b1f2daa5975734bf10923b38f4da3729acd3
                          • Opcode Fuzzy Hash: e360fb95b54bc2d5f3261b5531aef7b548ee42c7b5034688cb4015112a0c1ae6
                          • Instruction Fuzzy Hash: 5D413CB9A00305DFDB14CF99D848AAABBF5FF88314F24C499D519AB321D375A841CFA0
                          Function 04D11A97 Relevance: 1.6, APIs: 1, Instructions: 91COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2433493594.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_4d10000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 51fe5c224fe08725113d658c26a8a1100dd7e07c307e5d366f3ca9db5b0e0561
                          • Instruction ID: dc348e4457b34f27cc8965eca8199be40e4a329264b7fcc1b3311b03bac520f4
                          • Opcode Fuzzy Hash: 51fe5c224fe08725113d658c26a8a1100dd7e07c307e5d366f3ca9db5b0e0561
                          • Instruction Fuzzy Hash: 3531E276D00208EFDB21DF94E844AAEBFB5FB49310F14825BE9059B221D775A906CFA1
                          Function 0C398768 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON
                          Download Yara Rule
                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0C3987FD
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0
                          • Opcode ID: 17e6bb463cb87508788fcaf9b57548767536bf8bad1467da47f2cdf28b050442
                          • Instruction ID: 7bb0c03d87d25dbcef5c67d938a0a61b63cb4fc4c3977a558fbb76b3f506f1ad
                          • Opcode Fuzzy Hash: 17e6bb463cb87508788fcaf9b57548767536bf8bad1467da47f2cdf28b050442
                          • Instruction Fuzzy Hash: 4D2105B59102499FCB10CF9AC885BDEBBF4FF49310F148429E958A3251D778A940CFA5
                          Function 0256D488 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                          Download Yara Rule
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0256D456,?,?,?,?,?), ref: 0256D517
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424549338.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_2560000_kmk.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: 73639e22b6229a640d8093b13b6af061ecd793537a65aca59154eee5c948cc76
                          • Instruction ID: 215ef7e8e39ed12e2a5aa0b30dd603116ab11277fff30ffba89ae9de806c390a
                          • Opcode Fuzzy Hash: 73639e22b6229a640d8093b13b6af061ecd793537a65aca59154eee5c948cc76
                          • Instruction Fuzzy Hash: CF21E6B59012489FDB10CF9AD584AEEFFF5FB48314F14841AE918A3310D378A944CFA5
                          Function 0256B930 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                          Download Yara Rule
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0256D456,?,?,?,?,?), ref: 0256D517
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424549338.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_2560000_kmk.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: b67459dc5bf08a3b7d482bc0df5737e5948f4130ad94915d139f3e0f59e602bd
                          • Instruction ID: 2525a59de0b75779e56722973cd6a63cf16cb8af5b5f7a7e1f87fa9bde01a2e5
                          • Opcode Fuzzy Hash: b67459dc5bf08a3b7d482bc0df5737e5948f4130ad94915d139f3e0f59e602bd
                          • Instruction Fuzzy Hash: 4F21E6B59012489FDB10CF9AD584AEEBFF4FB48314F14845AE918A7310D378A954CFA5
                          Function 0C398770 Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                          Download Yara Rule
                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0C3987FD
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0
                          • Opcode ID: f7b997234af9f2d481e465f6da343b4cdfeac160d6d10fcc0dbcb438ed39b2cf
                          • Instruction ID: 4c238a5e80b093311567334edb2cdfa54e4bb34db016ca69b910e184bca5c432
                          • Opcode Fuzzy Hash: f7b997234af9f2d481e465f6da343b4cdfeac160d6d10fcc0dbcb438ed39b2cf
                          • Instruction Fuzzy Hash: 8721E2B59112499FCB10CF9AC885BDEBBF4FF49310F10842AE918A3290D778A944CFA5
                          Function 0C3985F0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                          Download Yara Rule
                          APIs
                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0C398677
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: MemoryProcessRead
                          • String ID:
                          • API String ID: 1726664587-0
                          • Opcode ID: 792fcff1000b59452ad4ebdd637cd44e7245ae69ad64b2e3fcb827e48755d88c
                          • Instruction ID: aabcf6211aa519054495bf443f2e244e5d0d0d5a5f18885e1ae8f0b2f9ff53e5
                          • Opcode Fuzzy Hash: 792fcff1000b59452ad4ebdd637cd44e7245ae69ad64b2e3fcb827e48755d88c
                          • Instruction Fuzzy Hash: 7321EFB59003499FCB10CF9AD884BDEBBF4FB49320F10842AE958A7251D378A944CFA5
                          Function 0C398530 Relevance: 1.6, APIs: 1, Instructions: 59threadCOMMON
                          Download Yara Rule
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0C3985AF
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          • Opcode ID: 8f754e6c1c0ad11dafe01644e05239d39c92ef4a737e83b6dc34ba7cffc7bf27
                          • Instruction ID: 6d902eb2d8d60d3f3dbc67e0265bc9cf182ef25dc4d91c80954882bcb7d60cd4
                          • Opcode Fuzzy Hash: 8f754e6c1c0ad11dafe01644e05239d39c92ef4a737e83b6dc34ba7cffc7bf27
                          • Instruction Fuzzy Hash: 602110B5D1025A8FCB00CFAAC9857AEFBF4BF49214F14812AD418A3241E378A944CFA1
                          Function 0C3985F8 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                          Download Yara Rule
                          APIs
                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0C398677
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: MemoryProcessRead
                          • String ID:
                          • API String ID: 1726664587-0
                          • Opcode ID: 102b1bc711d5ca4d34df628dfd28cd8b4d1a98e4927d121497547fe29c042613
                          • Instruction ID: 5bb33d6832237559834a7ecfc60839c8f3278e3b22f981079e26fa7e20829f85
                          • Opcode Fuzzy Hash: 102b1bc711d5ca4d34df628dfd28cd8b4d1a98e4927d121497547fe29c042613
                          • Instruction Fuzzy Hash: B421D0B59012499FCB10CF9AD884ADEBBF4FB49310F10842AE918A7250D378A544CFA5
                          Function 0C398538 Relevance: 1.6, APIs: 1, Instructions: 58threadCOMMON
                          Download Yara Rule
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0C3985AF
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          • Opcode ID: e9144dbf37f057351b46f4afb5e1dd84d213c49a39305941f5aacf59ef7152e2
                          • Instruction ID: beae42215e8a17a864099343bcd9f8cef2e5209887ae7ec0a93eb9bc6b4bcc6e
                          • Opcode Fuzzy Hash: e9144dbf37f057351b46f4afb5e1dd84d213c49a39305941f5aacf59ef7152e2
                          • Instruction Fuzzy Hash: 622106B5D102599FCB00CF9AC4457AEFBF4FB49314F10812AD518A3340D378A944CFA1
                          Function 0C392838 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0C3928B3
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: ff4bbd2b811cca1ec51596e2c9cae865b0f70a42377f0957633e980c4a3b3bf6
                          • Instruction ID: a8b1c8219fe8cf5c619fb42fded9c7ecb07953f5d0210a77981d734a584b436f
                          • Opcode Fuzzy Hash: ff4bbd2b811cca1ec51596e2c9cae865b0f70a42377f0957633e980c4a3b3bf6
                          • Instruction Fuzzy Hash: 8D2103B59002499FCB10CF9AC584BDEBBF4FF48320F10842AE968A7251D378A644CFA1
                          Function 0C392840 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0C3928B3
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: bd9bb8d5491a390e31acc36ff2c845b3024d5ad6bb8ea421fdb7a3fb77d73b67
                          • Instruction ID: f4654463be0bb6d786b7c6198602390c1d086d16c2ca711e19cea8e9efa0dffb
                          • Opcode Fuzzy Hash: bd9bb8d5491a390e31acc36ff2c845b3024d5ad6bb8ea421fdb7a3fb77d73b67
                          • Instruction Fuzzy Hash: A921E4B59006499FCB10DF9AC484BDEFBF4FF48320F108429E958A7250D379A544CFA1
                          Function 0C3986C0 Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0C398733
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: 34f1cf407455793e5a6ab86496a7102b2cfcf2dc647bd3f8b7c6727d67a1f48e
                          • Instruction ID: 10f46e0a0007f37d63f07914abb36371b21c150318ebed384ee7c41c0f40c46e
                          • Opcode Fuzzy Hash: 34f1cf407455793e5a6ab86496a7102b2cfcf2dc647bd3f8b7c6727d67a1f48e
                          • Instruction Fuzzy Hash: 4A1104B58002489FCB10DF9AC844BDEBFF8FB49310F148419E558A7250D335A540CFA1
                          Function 0C3986C8 Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0C398733
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: 2df292e22d7469e81ce3f8e7ac1514c11906edba1aae3d4ca721f7b0a7d4c5d0
                          • Instruction ID: 6f4a6b9843a579d680ded6e913da7c3ab8a2260823208ef618e6c9f6f600e347
                          • Opcode Fuzzy Hash: 2df292e22d7469e81ce3f8e7ac1514c11906edba1aae3d4ca721f7b0a7d4c5d0
                          • Instruction Fuzzy Hash: 8311E3B59002499FCB10DF9AD884BDEBFF4FB49320F208419E518A7250D379A544CFA1
                          Function 0C399311 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON
                          Download Yara Rule
                          APIs
                          • PostMessageW.USER32(?,?,?,?), ref: 0C399375
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: MessagePost
                          • String ID:
                          • API String ID: 410705778-0
                          • Opcode ID: 8bba38e13d3333281592cd56a56b38119a45f9c2d0148c67dd8566414f8eb9e0
                          • Instruction ID: c28243f53aa6f9fe1af7592768dcd8dddd5e01c223ab6e0a57798bec68cdf458
                          • Opcode Fuzzy Hash: 8bba38e13d3333281592cd56a56b38119a45f9c2d0148c67dd8566414f8eb9e0
                          • Instruction Fuzzy Hash: CE11F5B58003499FCB10DF9AC885BDEFBF8FB49310F24845AE559A7250D379A544CFA1
                          Function 0256AD98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0256ADFE
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424549338.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_2560000_kmk.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: 8295830450c9d5c61b106bb781ebca334527957cf2970fa50b1c49e8b21a1781
                          • Instruction ID: 24917a2a9657c34d62700474abbbe221bb6de85ac73254944717bbbdcd62993a
                          • Opcode Fuzzy Hash: 8295830450c9d5c61b106bb781ebca334527957cf2970fa50b1c49e8b21a1781
                          • Instruction Fuzzy Hash: 9711DFB5C002498FCB10DF9AC448ADEFBF5BB88324F10845AD469B7210D379A945CFA5
                          Function 0C398920 Relevance: 1.5, APIs: 1, Instructions: 45threadCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: fbfd0e4c6cafb09e289db2fc1fb5e40ba66997bd0848db7e1b39c7dc44e534ce
                          • Instruction ID: 20419bc4d4e14a4714a92366aa710e026d87fc3bb134bd097b2051decdf7f4f1
                          • Opcode Fuzzy Hash: fbfd0e4c6cafb09e289db2fc1fb5e40ba66997bd0848db7e1b39c7dc44e534ce
                          • Instruction Fuzzy Hash: 641106B58002498FCB10DF9AD444BDEFBF8EB49314F20845AE559A3250C379A544CFA6
                          Function 0C399318 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                          Download Yara Rule
                          APIs
                          • PostMessageW.USER32(?,?,?,?), ref: 0C399375
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: MessagePost
                          • String ID:
                          • API String ID: 410705778-0
                          • Opcode ID: 9255fe6b26c62df510db0d85c8018978fd59e8ed09e424ff1eea4d538c48357f
                          • Instruction ID: 959c2f8c21b02c6d337ddae2e70e704976f6a2d1946abd0114cfadcba6527abb
                          • Opcode Fuzzy Hash: 9255fe6b26c62df510db0d85c8018978fd59e8ed09e424ff1eea4d538c48357f
                          • Instruction Fuzzy Hash: 3F11E2B58003499FDB10DF9AC885BDEFBF8FB48320F24845AE559A7250C379A944CFA1
                          Function 0C398928 Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: 54e0457c08107bb1b30e66d30f94d70d3ccf851c1174fd2df297bff2bacfaa3d
                          • Instruction ID: 5056ba310e61dfd7ceb63de55ffd06a942e1eea0126d92b2287bcf0ed3934746
                          • Opcode Fuzzy Hash: 54e0457c08107bb1b30e66d30f94d70d3ccf851c1174fd2df297bff2bacfaa3d
                          • Instruction Fuzzy Hash: C911E2B58002498FCB10DF9AD584BDEFBF8EB49324F20845AD658A7250C779A944CFA6
                          Function 06B33320 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: d8oq
                          • API String ID: 0-2048867746
                          • Opcode ID: 71095fa1e6949f0744b3523b84020f4090f7fc3b85081dcbd664da95db728267
                          • Instruction ID: 6c6e7d2657a023a91e265583d0133783aaa32bcc12b224365bebfd0f35922bec
                          • Opcode Fuzzy Hash: 71095fa1e6949f0744b3523b84020f4090f7fc3b85081dcbd664da95db728267
                          • Instruction Fuzzy Hash: CC6180B4B00158CFCB55DF68D854AAE7BF6EF88711F1494A9E902AB3A0CB35DC41CB90
                          Function 06B33050 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Hnq
                          • API String ID: 0-2896580000
                          • Opcode ID: 9feb1e61ac83d240ed812cc51a4bfc9cf0f690da7c4adb6d47daecf353ec9d39
                          • Instruction ID: 9c848c21f3e79bd232a133d9002008f3d7db14aff3a3bacf03cea127783b2cad
                          • Opcode Fuzzy Hash: 9feb1e61ac83d240ed812cc51a4bfc9cf0f690da7c4adb6d47daecf353ec9d39
                          • Instruction Fuzzy Hash: 96419FB1F055B58EDB808FAAC9406AFBBF1EB05341F1481A6E064A7291C37A9A41CB91
                          Function 06B33230 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Hnq
                          • API String ID: 0-2896580000
                          • Opcode ID: a21a1b3fed1f6db2160658eccb1ed767e5cdb6900c03492890dcc0daf5003e3d
                          • Instruction ID: d5c05de14869537211cb9be9ecee99811def78f45b28dacfc832109d30121ed3
                          • Opcode Fuzzy Hash: a21a1b3fed1f6db2160658eccb1ed767e5cdb6900c03492890dcc0daf5003e3d
                          • Instruction Fuzzy Hash: 4821A270B04244AFEB849F749C15BAF7BB6EF88340F10C4AAE505EB284DE349E058795
                          Function 0C39A2FC Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                          • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,0C39A7B9,?,?), ref: 0C39A960
                          Memory Dump Source
                          • Source File: 00000007.00000002.2436066036.000000000C390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_c390000_kmk.jbxd
                          Similarity
                          • API ID: CloseHandle
                          • String ID:
                          • API String ID: 2962429428-0
                          • Opcode ID: 5e52a22ee08878e9fd99a46f4cad156866a0716202893b60d9161d0b4655a1a2
                          • Instruction ID: 6a24b0178150df8f17a80d65e61d20bbb6f01a2a10e7d753d6c69fddadf6c3cd
                          • Opcode Fuzzy Hash: 5e52a22ee08878e9fd99a46f4cad156866a0716202893b60d9161d0b4655a1a2
                          • Instruction Fuzzy Hash: 6D1122B59002498FDB20DF9AC444BEEBBF4FB48320F21845AE958A7340D378A944CFA5
                          Function 06B33A87 Relevance: .1, Instructions: 117COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e4ddae3a09aa069804e182b17b394fe7a949b2cc852c40e15394e77291b807aa
                          • Instruction ID: f725aae8892b00c2dbca1dec8ce975661ee942b2af20a8893d666d068ce76ec5
                          • Opcode Fuzzy Hash: e4ddae3a09aa069804e182b17b394fe7a949b2cc852c40e15394e77291b807aa
                          • Instruction Fuzzy Hash: 394149B0B002699FCF05DF64E844AAE7BA7FF88311F148569E8029B294DB34DD56CB90
                          Function 06B33041 Relevance: .1, Instructions: 105COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 970c51392aff2c56fb2705ce71d12fd8365fec9d07df0ad55bd143535560b039
                          • Instruction ID: 4759e83f0a9fe06343076339ae6cdb4bccc722f99a4f438c1bc194113a578d09
                          • Opcode Fuzzy Hash: 970c51392aff2c56fb2705ce71d12fd8365fec9d07df0ad55bd143535560b039
                          • Instruction Fuzzy Hash: D541B6B1E055B58FDB848FAAC8406EFFBF1EB45341F1441A6D064A7291C37A9A41CB91
                          Function 06B31D92 Relevance: .1, Instructions: 104COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d5aba8a85a1c9d0b771f993b6ea0b00e0c589af367a91e1398ce05c76ad4397a
                          • Instruction ID: db0096045fca263db363a4a686c37f38409b13d98cf97056de5e712ce730e811
                          • Opcode Fuzzy Hash: d5aba8a85a1c9d0b771f993b6ea0b00e0c589af367a91e1398ce05c76ad4397a
                          • Instruction Fuzzy Hash: 6F41F7B0B55330CFD390CBADD840ABAB7EAEF46311F0481E6E4658B6A2D339D841C651
                          Function 00CCD3B4 Relevance: .1, Instructions: 75COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424143783.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_ccd000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e7b3703ddf2afdff5becdc4792f2a70b0c1637483acb4e607deef10823a38bdf
                          • Instruction ID: 11ffdc3adee99f181b3dad9e71ba178a296c657476a82348ddd0ee44856f670f
                          • Opcode Fuzzy Hash: e7b3703ddf2afdff5becdc4792f2a70b0c1637483acb4e607deef10823a38bdf
                          • Instruction Fuzzy Hash: 8521FFB1500240DFCB09DF14D9C0F26BF65FB98324F24C57DEA0A0A256C33AE856DAA2
                          Function 06B39130 Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6f0653afaf38cb790332cf043196622a008f714769c4832441743ba84e98c1e9
                          • Instruction ID: 97156c133ceb0703ca7abc9f5c3ae8839cb6703cf5f3f1a9b4fe21503d0b4522
                          • Opcode Fuzzy Hash: 6f0653afaf38cb790332cf043196622a008f714769c4832441743ba84e98c1e9
                          • Instruction Fuzzy Hash: B73107B4E04619AFCB44DFA9C944AAEBBF2EF89300F14C5A9D419A7314E7749A01CF90
                          Function 00CDD01C Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424218427.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_cdd000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 400fb2ad8c854a75a6a1bd9ca03c1bccbca959d09f5e877b76499866d05e3f19
                          • Instruction ID: 6fae04aa985d7bd9ac7d9ab37f9e720632e946f2cc76210a0a400a2870a93b70
                          • Opcode Fuzzy Hash: 400fb2ad8c854a75a6a1bd9ca03c1bccbca959d09f5e877b76499866d05e3f19
                          • Instruction Fuzzy Hash: F821D371904204DFCB14DF24D9C4B26BB65EB88314F24C56ADA0A4B356C33AE806CA61
                          Function 00CDD1D4 Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424218427.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_cdd000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6ada64739a65ee0a4c406360f785839f387a265da46043331cc2331e2f67f7a2
                          • Instruction ID: 074f9a03c752b8c5bf82800a834907c3e43f5813dfb8c8faef01d9c978e260d0
                          • Opcode Fuzzy Hash: 6ada64739a65ee0a4c406360f785839f387a265da46043331cc2331e2f67f7a2
                          • Instruction Fuzzy Hash: ED21D771944204EFDB05DF54D9C0F26BB65FB84314F24C5AEEA4A4B356C33ADC46CA61
                          Function 06B39028 Relevance: .1, Instructions: 71COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1313ccfbaa05a251c3016da16b9d4939caf77e1ca4051d529863c13c935f511d
                          • Instruction ID: 8615cf6b79c37f919e1cd00da1af209c753d79be77539b1bcb705ee90d5d0a04
                          • Opcode Fuzzy Hash: 1313ccfbaa05a251c3016da16b9d4939caf77e1ca4051d529863c13c935f511d
                          • Instruction Fuzzy Hash: 0B312DB4E04259DFCB85CFA9C5409AEFBF2EF89310F1081AAD814A7355D7349942CF51
                          Function 06B33310 Relevance: .1, Instructions: 70COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b0cba876f3ba71df8ba26b95657e0e6daa367ac31fca15380bf9fef155f5c377
                          • Instruction ID: 10dc5cd55169727d9f00d7c83d200e45db0918dd4f433f96d5d6d060eb4e1941
                          • Opcode Fuzzy Hash: b0cba876f3ba71df8ba26b95657e0e6daa367ac31fca15380bf9fef155f5c377
                          • Instruction Fuzzy Hash: C72168B5A00148DFCF54CFA8E844AEDBBF2EB88321F149068E501AB3A0CB319D51CF64
                          Function 06B39038 Relevance: .1, Instructions: 70COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 05a4f27b8af0dc863a31a4a256eb1db237364eadd3192808f34fb6a4c6829f69
                          • Instruction ID: 79dd32abbaece10eeeeb82737294772bbae6adb6580df870908fcb6469c00555
                          • Opcode Fuzzy Hash: 05a4f27b8af0dc863a31a4a256eb1db237364eadd3192808f34fb6a4c6829f69
                          • Instruction Fuzzy Hash: 1531A8B4E002199FCB84DFA9C581AAEFBF2EF88300F109566D818A7714E7749941CF91
                          Function 06B39140 Relevance: .1, Instructions: 70COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4b87803dddc3176e120830f20e0bc28dfdc03d60dbe747357a0c4e67e2a91d43
                          • Instruction ID: ec154fda0e1092b7e9731dfac60516ad317d444accc40ce6abed76bb0eb2872e
                          • Opcode Fuzzy Hash: 4b87803dddc3176e120830f20e0bc28dfdc03d60dbe747357a0c4e67e2a91d43
                          • Instruction Fuzzy Hash: AB21F6B4E04619AFCB44DFA9C9449AEBBF6AF88300F14C5A9D419A7314E7749A018F90
                          Function 06B3B140 Relevance: .1, Instructions: 63COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c8716c130a9028e8638680d01066d4513b53af40a75df89b7d768e3c04528ad9
                          • Instruction ID: e445c9b7fe853d21affc3db2f0d40c00951b33072486a9a2bc2735a3ffa8071f
                          • Opcode Fuzzy Hash: c8716c130a9028e8638680d01066d4513b53af40a75df89b7d768e3c04528ad9
                          • Instruction Fuzzy Hash: B221F6B4E10619EFDB44CFA9C9406AEBBF1FF99240F1095AAC509A7214D7309A41CB90
                          Function 00CDD005 Relevance: .1, Instructions: 62COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424218427.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_cdd000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9d38ed897a1ce7a44691d797e6d72c9d1f84f5b59609ceb9a71422c8b48c9a41
                          • Instruction ID: f1aad0934e21a45c9f6427932d414dda2006848364be6f826535a1cee32cc251
                          • Opcode Fuzzy Hash: 9d38ed897a1ce7a44691d797e6d72c9d1f84f5b59609ceb9a71422c8b48c9a41
                          • Instruction Fuzzy Hash: 6A218E755093808FCB12CF24D994715BF71EB86314F28C5EBD9498B6A7C33A980ACB62
                          Function 06B3B238 Relevance: .1, Instructions: 56COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 55e59d269a3fd3a28aca70e8ea48c9bdd3b8d6ec6b86d6f0b693f50dbcfdbb58
                          • Instruction ID: cd55ac6c86a17a26fb8f2aba4c6ca5a9bc2169c02e1423d48df3652e2e896c99
                          • Opcode Fuzzy Hash: 55e59d269a3fd3a28aca70e8ea48c9bdd3b8d6ec6b86d6f0b693f50dbcfdbb58
                          • Instruction Fuzzy Hash: 7D11F6B4E05518EFCB44DFA9CA44A9EFBF2EB88300F14D5AA991897365DB30DA01DB40
                          Function 00CCD3AF Relevance: .1, Instructions: 56COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424143783.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_ccd000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                          • Instruction ID: e730493b238943b54873e5b75a2a7b4f27b00aa284eb015e6b3b20381041cbb6
                          • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                          • Instruction Fuzzy Hash: E511D376504280CFCB16CF10D9C4B16BF71FB94324F24C5ADD94A4B656C336E95ACBA2
                          Function 00CDD1CF Relevance: .1, Instructions: 53COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2424218427.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_cdd000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                          • Instruction ID: 395a87499e36997eb9d2be83585d02b180be61dec7031f7f29c67361de410c12
                          • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                          • Instruction Fuzzy Hash: 1011BB75904280DFCB02CF10C5C4B15FBB1FB84314F24C6AAD94A4B796C33AD84ACB62
                          Function 06B315C8 Relevance: .0, Instructions: 44COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 82d3a54adfadf7e6a75cf1fadab637bf3fb224bfb9e34374a591891ace10c6e7
                          • Instruction ID: 0a3c5e449b620f8d19c55090cc41fef3426853de619b3da069d3061b60e6c0b4
                          • Opcode Fuzzy Hash: 82d3a54adfadf7e6a75cf1fadab637bf3fb224bfb9e34374a591891ace10c6e7
                          • Instruction Fuzzy Hash: 62019E71D04255DFCB11DF58C8256EFBFB1EF0A310F0881AAE619AB182D7748555CBD1
                          Function 06B3A3E9 Relevance: .0, Instructions: 36COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0acf3eb2d0997e53813e0538a36ca42751c0f44641622e5b9b9d1d4cee6dad30
                          • Instruction ID: b274993e960bd7af8429240ce09ff34e1202e0bc19e47d40d042fbffb6d39ced
                          • Opcode Fuzzy Hash: 0acf3eb2d0997e53813e0538a36ca42751c0f44641622e5b9b9d1d4cee6dad30
                          • Instruction Fuzzy Hash: E61109B4A04268CFCBA4DF18C8856DDBBB0FF18310F6051D9D4496B20AD734AA84CF95
                          Function 06B3A9B3 Relevance: .0, Instructions: 35COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b4e9ea86d49e282b9212a0d605aef2a08e4783a3824302718d7b42fb0254210e
                          • Instruction ID: 557e3d8c8f72dc822be5366e36a3091323a4eee77645aa7a5b6831ded6bb7bab
                          • Opcode Fuzzy Hash: b4e9ea86d49e282b9212a0d605aef2a08e4783a3824302718d7b42fb0254210e
                          • Instruction Fuzzy Hash: F9014874A05258DFCB61CFA4CA81A9DBBF6FB49300F60519AE44AAB354D734EA42CF00
                          Function 06B308E5 Relevance: .0, Instructions: 34COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1df8de3c0f55db86281bef1abf6d6c73e36f5c7bd57f46e4b20060aa616ab606
                          • Instruction ID: 8a321c0a652f5727a3336e268133c86aadf0936fa55493c8d2475800f34c768d
                          • Opcode Fuzzy Hash: 1df8de3c0f55db86281bef1abf6d6c73e36f5c7bd57f46e4b20060aa616ab606
                          • Instruction Fuzzy Hash: 8B012839910258DEDF01CFD0C844BADBBB2FF08301F14C14AE909AF2A5E7369952EB40
                          Function 06B39F64 Relevance: .0, Instructions: 31COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 26f8de772220a4218952f32e8e5074110c6fc32db6e760a0b858aa4405b477d0
                          • Instruction ID: 2af896e0adcf00d14755c2e6e9b4fd3b1988d00eb1afa04b3c6ec8545aeacddb
                          • Opcode Fuzzy Hash: 26f8de772220a4218952f32e8e5074110c6fc32db6e760a0b858aa4405b477d0
                          • Instruction Fuzzy Hash: 9801E874A112298FCBA0DF58C991A98BBB5FF48350F5094D5E84DD7315E730AE81CF51
                          Function 06B33739 Relevance: .0, Instructions: 27COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b7e713169b7484e393fa9ec5b8fe810d6325b0946abaad57dc6f43c3a6ef987b
                          • Instruction ID: c222942df7209314834866be2631f7e92f57a12079c3eecef85e6b5330aed841
                          • Opcode Fuzzy Hash: b7e713169b7484e393fa9ec5b8fe810d6325b0946abaad57dc6f43c3a6ef987b
                          • Instruction Fuzzy Hash: AAE022FAB04380DFCB010A68E85439D7FA0DB55351F0080B2CA40C6162DA348514CA62
                          Function 06B3A947 Relevance: .0, Instructions: 26COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1dab68c7c6638f786c1ff2fa02feee823eaa7610d8134c4db6bc99ec19707aba
                          • Instruction ID: f76653bff3ebf2f3886a89e1f752dcef469c8be09d763deda36b31d48f188282
                          • Opcode Fuzzy Hash: 1dab68c7c6638f786c1ff2fa02feee823eaa7610d8134c4db6bc99ec19707aba
                          • Instruction Fuzzy Hash: E801AF74A06368DFCB60CF64C981A9CBBF6BB48301F50419AE809AB355D734AA82CF00
                          Function 06B3A355 Relevance: .0, Instructions: 17COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 55b67675929a4cdc2bc5b0c3c4c08fd53814af00d4ac297ed3f02f4c07a4b848
                          • Instruction ID: 2ef368e69d80f19f66969b26dd9484bdfa8785fa9b349dd1b72b495e1dfd1c7b
                          • Opcode Fuzzy Hash: 55b67675929a4cdc2bc5b0c3c4c08fd53814af00d4ac297ed3f02f4c07a4b848
                          • Instruction Fuzzy Hash: 0CE052B4A0162CCFDBA4CF68D981ADDB7B1FF48310F2081D9D519A7758E630AA85CF91
                          Function 06B39E2B Relevance: .0, Instructions: 15COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 90ff93548af1fa22c4c6ca5376936c8e83b83f0d485b80198b0957df8d542596
                          • Instruction ID: 20c5a90e7e760ea387d9c5c672cc273c5073de6a7d92aa98a0d0b6ba40a5a68f
                          • Opcode Fuzzy Hash: 90ff93548af1fa22c4c6ca5376936c8e83b83f0d485b80198b0957df8d542596
                          • Instruction Fuzzy Hash: 9DE07E74612314CFC7549F24D5948A87BB2FF49316F9010D8E80A5B361CB36DD86CE00
                          Function 06B3839C Relevance: .0, Instructions: 15COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f89766ad99c7252c3d2f1e2239ff1eb2299f0b4f3addc01f9d92cea334b26af3
                          • Instruction ID: 69c1e82a7d9ae1c45b01b991d90c4cde9a1f15341a3565ff4bc7c84bda42eeb3
                          • Opcode Fuzzy Hash: f89766ad99c7252c3d2f1e2239ff1eb2299f0b4f3addc01f9d92cea334b26af3
                          • Instruction Fuzzy Hash: B3E09A7091122A8FDB94DFA9D981B9CBBF6AF84204F10D5A69009B6264DA359E85CF20

                          Non-executed Functions

                          Function 06B392A0 Relevance: 5.2, Strings: 4, Instructions: 171COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: ?b=`$?b=`$?b=`$[t8S
                          • API String ID: 0-1841163519
                          • Opcode ID: ab2791783b07cf6d9219b9120a2c9c17a6c1481128039e2a000625327e282aa6
                          • Instruction ID: 728b914e0864112dbd1bed18e5cc3006232e263ff14732f8b270b7a15f0c0672
                          • Opcode Fuzzy Hash: ab2791783b07cf6d9219b9120a2c9c17a6c1481128039e2a000625327e282aa6
                          • Instruction Fuzzy Hash: B47145B4E0161ADFDB44DF9AD580AAEFBB2FB88310F109469E415A7314E3749A42CF90
                          Function 06B39292 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: ?b=`$?b=`$?b=`$[t8S
                          • API String ID: 0-1841163519
                          • Opcode ID: 6926fca0a7b215c3749c023a80b961a35db27538de0408f53a79dcdfdb3fe205
                          • Instruction ID: 7787b4791a2a74cfb9a2b4604e2f6d4145f099d8af8f26100d90158dba451cc7
                          • Opcode Fuzzy Hash: 6926fca0a7b215c3749c023a80b961a35db27538de0408f53a79dcdfdb3fe205
                          • Instruction Fuzzy Hash: A06158B4E0161ADFCB44DF99D5809AEFBB2FB88310F149466E415A7354E3749A42CF90
                          Function 06B3C5A0 Relevance: 5.2, Strings: 4, Instructions: 166COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2434510381.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_6b30000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: ?F]$?F]$$Pa$$Pa
                          • API String ID: 0-3427814143
                          • Opcode ID: 4f12ed7f54df4818c837987780beda0fcfa945592cc6db8ae28c4cfa7b72d007
                          • Instruction ID: 56eeced17513ee78fbcf4909596bad2d430b6ce9929c3bb143ca96a0979ac786
                          • Opcode Fuzzy Hash: 4f12ed7f54df4818c837987780beda0fcfa945592cc6db8ae28c4cfa7b72d007
                          • Instruction Fuzzy Hash: D471C0B4E0122ACFCB44CFA9C8859AEFFB2BF48310F14955AD515BB211D734A982CF95

                          Execution Graph

                          Execution Coverage:10.1%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:120
                          Total number of Limit Nodes:9
                          execution_graph 34938 e5a3f0 34939 e5a436 GetCurrentProcess 34938->34939 34941 e5a488 GetCurrentThread 34939->34941 34945 e5a481 34939->34945 34942 e5a4c5 GetCurrentProcess 34941->34942 34943 e5a4be 34941->34943 34944 e5a4fb 34942->34944 34943->34942 34946 e5a523 GetCurrentThreadId 34944->34946 34945->34941 34947 e5a554 34946->34947 34954 f29288 34956 f2928b 34954->34956 34955 f29206 34956->34955 34957 f2933b LdrInitializeThunk 34956->34957 34958 f29358 34957->34958 34959 e0d01c 34960 e0d034 34959->34960 34961 e0d08e 34960->34961 34968 e56a11 34960->34968 34971 e5479c 34960->34971 34975 e547ac 34960->34975 34983 e568f0 34960->34983 34989 e568e0 34960->34989 34995 e5b220 34960->34995 34969 e56a27 34968->34969 35003 e547d4 34968->35003 34969->34961 34972 e547a7 34971->34972 34973 e547d4 2 API calls 34972->34973 34974 e56a27 34973->34974 34974->34961 34978 e547b7 34975->34978 34976 e5b2a9 35017 e5a16c 34976->35017 34978->34976 34979 e5b299 34978->34979 35009 e5b3c0 34979->35009 35013 e5b3d0 34979->35013 34980 e5b2a7 34980->34980 34984 e56916 34983->34984 34985 e5479c 2 API calls 34984->34985 34986 e56922 34985->34986 34987 e547ac CallWindowProcW 34986->34987 34988 e56937 34987->34988 34988->34961 34990 e56916 34989->34990 34991 e5479c 2 API calls 34990->34991 34992 e56922 34991->34992 34993 e547ac CallWindowProcW 34992->34993 34994 e56937 34993->34994 34994->34961 34996 e5b275 34995->34996 34997 e5b2a9 34996->34997 34999 e5b299 34996->34999 34998 e5a16c CallWindowProcW 34997->34998 35000 e5b2a7 34998->35000 35001 e5b3c0 CallWindowProcW 34999->35001 35002 e5b3d0 CallWindowProcW 34999->35002 35000->35000 35001->35000 35002->35000 35004 e547df 35003->35004 35005 e532fc 2 API calls 35004->35005 35006 e56a89 35005->35006 35007 e53aec GetModuleHandleW 35006->35007 35008 e56af7 35006->35008 35007->35008 35012 e5b3de 35009->35012 35010 e5a16c CallWindowProcW 35010->35012 35011 e5b4c7 35011->34980 35012->35010 35012->35011 35016 e5b3de 35013->35016 35014 e5a16c CallWindowProcW 35014->35016 35015 e5b4c7 35015->34980 35016->35014 35016->35015 35018 e5a177 35017->35018 35019 e5b592 CallWindowProcW 35018->35019 35020 e5b541 35018->35020 35019->35020 35020->34980 34879 e519a8 34880 e519d7 34879->34880 34883 e51714 34880->34883 34882 e51afc 34884 e5171f 34883->34884 34885 e52062 34884->34885 34888 e54be0 34884->34888 34898 e54bcb 34884->34898 34885->34882 34889 e54c0b 34888->34889 34908 e532fc 34889->34908 34892 e54c8e 34894 e54cba 34892->34894 34921 e53aec 34892->34921 34897 e532fc 2 API calls 34897->34892 34899 e54c0b 34898->34899 34900 e532fc 2 API calls 34899->34900 34901 e54c72 34900->34901 34905 e55111 2 API calls 34901->34905 34906 e55190 2 API calls 34901->34906 34907 e532fc 2 API calls 34901->34907 34902 e54c8e 34903 e53aec GetModuleHandleW 34902->34903 34904 e54cba 34902->34904 34903->34904 34905->34902 34906->34902 34907->34902 34909 e53307 34908->34909 34910 e54c72 34909->34910 34925 e55320 34909->34925 34910->34897 34912 e55111 34910->34912 34917 e55190 34910->34917 34913 e5512b 34912->34913 34914 e5512f 34912->34914 34913->34892 34915 e5526e 34914->34915 34916 e55320 2 API calls 34914->34916 34916->34915 34918 e551ed 34917->34918 34919 e5526e 34918->34919 34920 e55320 2 API calls 34918->34920 34920->34919 34922 e55690 GetModuleHandleW 34921->34922 34924 e55705 34922->34924 34924->34894 34926 e55345 34925->34926 34927 e53aec GetModuleHandleW 34926->34927 34928 e5538a 34926->34928 34927->34928 34929 e53aec GetModuleHandleW 34928->34929 34937 e55556 34928->34937 34931 e554db 34929->34931 34930 e555b1 34930->34910 34931->34930 34934 e53aec GetModuleHandleW 34931->34934 34931->34937 34932 e556d8 GetModuleHandleW 34933 e55705 34932->34933 34933->34910 34935 e55529 34934->34935 34936 e53aec GetModuleHandleW 34935->34936 34935->34937 34936->34937 34937->34930 34937->34932 34948 e5a638 DuplicateHandle 34949 e5a6ce 34948->34949 34950 e56738 34951 e567a0 CreateWindowExW 34950->34951 34953 e5685c 34951->34953 34953->34953

                          Executed Functions

                          Function 00EFB764 Relevance: 2.8, Instructions: 2800COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 885a2a405e20dad48de7af8aeb69b7d8719f0aac567f2d237eb371f5a7ad9e86
                          • Instruction ID: ecf220b18f6e76aa3879bbfbaf658537a79346d24decb6488b6750bb81c2e170
                          • Opcode Fuzzy Hash: 885a2a405e20dad48de7af8aeb69b7d8719f0aac567f2d237eb371f5a7ad9e86
                          • Instruction Fuzzy Hash: 9B53FD30D10B198ECB11EF68C8846A9F7B1FF99300F55D69AE55877261EB70AAC4CF81
                          Function 00EF74C8 Relevance: .5, Instructions: 476COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 44aa6326bbd39cbcd0f889db3a2c63abdb340c0767c14e7c192bf47d76630d86
                          • Instruction ID: f7c5aadebc6639a0412a65424fc311d474d76b3ca62ef8d4a864aee1a95620e3
                          • Opcode Fuzzy Hash: 44aa6326bbd39cbcd0f889db3a2c63abdb340c0767c14e7c192bf47d76630d86
                          • Instruction Fuzzy Hash: DBF11530B042094FDB14AB798954BBE7BE6EF84300F218839E646EB395DE35DD458791
                          Function 00EFE738 Relevance: .4, Instructions: 398COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1eb001a395b79944ddb299983116094c784c28636d1c875645293980b4963f11
                          • Instruction ID: 1f06207f0f8a00d9ba9208e86f8bafbf719ffc2440dc3b1f7846719cedf6f846
                          • Opcode Fuzzy Hash: 1eb001a395b79944ddb299983116094c784c28636d1c875645293980b4963f11
                          • Instruction Fuzzy Hash: CAD1F831B002494FCB259B69C8547BEBBB2EFC1324F19956AD61AEB3A1C634FC45C760
                          Function 00EF0040 Relevance: 29.6, Strings: 23, Instructions: 814COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 0 ef0040-ef052e 75 ef0534-ef0544 0->75 76 ef0a80-ef0ab5 0->76 75->76 77 ef054a-ef055a 75->77 80 ef0ab7-ef0abc 76->80 81 ef0ac1-ef0adf 76->81 77->76 79 ef0560-ef0570 77->79 79->76 82 ef0576-ef0586 79->82 84 ef0ba6-ef0bab 80->84 93 ef0b56-ef0b62 81->93 94 ef0ae1-ef0aeb 81->94 82->76 83 ef058c-ef059c 82->83 83->76 85 ef05a2-ef05b2 83->85 85->76 87 ef05b8-ef05c8 85->87 87->76 88 ef05ce-ef05de 87->88 88->76 90 ef05e4-ef05f4 88->90 90->76 92 ef05fa-ef060a 90->92 92->76 95 ef0610-ef0a7f 92->95 100 ef0b79-ef0b85 93->100 101 ef0b64-ef0b70 93->101 94->93 99 ef0aed-ef0af9 94->99 108 ef0b1e-ef0b21 99->108 109 ef0afb-ef0b06 99->109 106 ef0b9c-ef0b9e 100->106 107 ef0b87-ef0b93 100->107 101->100 111 ef0b72-ef0b77 101->111 106->84 107->106 120 ef0b95-ef0b9a 107->120 112 ef0b38-ef0b44 108->112 113 ef0b23-ef0b2f 108->113 109->108 122 ef0b08-ef0b12 109->122 111->84 115 ef0bac-ef0bea 112->115 116 ef0b46-ef0b4d 112->116 113->112 124 ef0b31-ef0b36 113->124 128 ef0bf2-ef0bfb call ef0d80 115->128 116->115 121 ef0b4f-ef0b54 116->121 120->84 121->84 122->108 129 ef0b14-ef0b19 122->129 124->84 131 ef0c01-ef0c08 128->131 129->84 132 ef0c1b-ef0c26 131->132 133 ef0c0a-ef0c15 131->133 138 ef0c2c-ef0c45 132->138 139 ef0cf7-ef0d3c 132->139 133->132 137 ef0c9e-ef0cf0 133->137 137->139 145 ef0c80-ef0c8c call ef1498 138->145 156 ef0d3e-ef0d4b 139->156 157 ef0d4d-ef0d5b 139->157 149 ef0c92-ef0c9b 145->149 164 ef0d6b-ef0d6e 156->164 165 ef0d5d-ef0d67 157->165 166 ef0d69 157->166 165->164 166->164
                          Strings
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: (ojq$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$^0$~0$$jq$$jq
                          • API String ID: 0-3480471960
                          • Opcode ID: 05937f972f38d5e1edda4ba34a8deac1c3bda9ffa006944ed1a83b18c5164055
                          • Instruction ID: 7490141d06254a44030dab6399089b649b8242e08899dad90e9cc37fb42a11dd
                          • Opcode Fuzzy Hash: 05937f972f38d5e1edda4ba34a8deac1c3bda9ffa006944ed1a83b18c5164055
                          • Instruction Fuzzy Hash: E27252B0A0021C8FDB159BA4C950BAEBB77EF84300F1081A9D50AAB3A6DF355E45DF65
                          Function 00E5A3E0 Relevance: 6.1, APIs: 4, Instructions: 135threadCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 346 e5a3e0-e5a3e1 347 e5a3e3-e5a3e7 346->347 348 e5a3e8-e5a47f GetCurrentProcess 346->348 347->348 352 e5a481-e5a487 348->352 353 e5a488-e5a4bc GetCurrentThread 348->353 352->353 354 e5a4c5-e5a4f9 GetCurrentProcess 353->354 355 e5a4be-e5a4c4 353->355 356 e5a502-e5a51d call e5a5c0 354->356 357 e5a4fb-e5a501 354->357 355->354 361 e5a523-e5a552 GetCurrentThreadId 356->361 357->356 362 e5a554-e5a55a 361->362 363 e5a55b-e5a5bd 361->363 362->363
                          APIs
                          • GetCurrentProcess.KERNEL32 ref: 00E5A46E
                          • GetCurrentThread.KERNEL32 ref: 00E5A4AB
                          • GetCurrentProcess.KERNEL32 ref: 00E5A4E8
                          • GetCurrentThreadId.KERNEL32 ref: 00E5A541
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509278436.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e50000_kmk.jbxd
                          Similarity
                          • API ID: Current$ProcessThread
                          • String ID:
                          • API String ID: 2063062207-0
                          • Opcode ID: c6bfdea770983ec88737fbb5605b01f8faf33a04cddfca3fd989c59c9d0d9b54
                          • Instruction ID: 77c60453ac4cda3771c1827d4227d6e8cd1a5956c6b1a03786f895452245c9d3
                          • Opcode Fuzzy Hash: c6bfdea770983ec88737fbb5605b01f8faf33a04cddfca3fd989c59c9d0d9b54
                          • Instruction Fuzzy Hash: 135187B1D002498FCB14DFA9D548BAEBFF1EF88304F24856AE409A7361D7789944CF62
                          Function 00E5A3F0 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 370 e5a3f0-e5a47f GetCurrentProcess 374 e5a481-e5a487 370->374 375 e5a488-e5a4bc GetCurrentThread 370->375 374->375 376 e5a4c5-e5a4f9 GetCurrentProcess 375->376 377 e5a4be-e5a4c4 375->377 378 e5a502-e5a51d call e5a5c0 376->378 379 e5a4fb-e5a501 376->379 377->376 383 e5a523-e5a552 GetCurrentThreadId 378->383 379->378 384 e5a554-e5a55a 383->384 385 e5a55b-e5a5bd 383->385 384->385
                          APIs
                          • GetCurrentProcess.KERNEL32 ref: 00E5A46E
                          • GetCurrentThread.KERNEL32 ref: 00E5A4AB
                          • GetCurrentProcess.KERNEL32 ref: 00E5A4E8
                          • GetCurrentThreadId.KERNEL32 ref: 00E5A541
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509278436.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e50000_kmk.jbxd
                          Similarity
                          • API ID: Current$ProcessThread
                          • String ID:
                          • API String ID: 2063062207-0
                          • Opcode ID: f71235e0b2cfbba3a3f36a8d0515bf836f55246965775a20e3a62062ed6e2fb6
                          • Instruction ID: 7484157426109f2e0a8c7b8cbaa5770870dd970638a8f601790c86bf8b0918f1
                          • Opcode Fuzzy Hash: f71235e0b2cfbba3a3f36a8d0515bf836f55246965775a20e3a62062ed6e2fb6
                          • Instruction Fuzzy Hash: D85167B09002098FDB14DFA9D548BAEBBF1EF88304F24C569E519B7360D7789944CFA6
                          Function 00F29288 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 214libraryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 392 f29288-f29295 394 f29277 392->394 395 f29297-f2929b 392->395 397 f29231 394->397 398 f29279 394->398 396 f2929e-f292a7 395->396 399 f292a9-f292b3 396->399 400 f292cc 396->400 401 f29238 397->401 402 f29206-f29225 398->402 403 f2927a-f29283 398->403 404 f292b5-f292c6 399->404 405 f292c8-f292cb 399->405 407 f292d0 400->407 468 f2923e call ef8531 401->468 469 f2923e call ef8540 401->469 402->401 404->405 407->396 411 f292d1-f292d2 407->411 408 f29243-f29267 408->403 412 f292d4-f292dd 411->412 412->407 415 f292df-f292e1 412->415 415->412 417 f292e3-f29352 call f28ee8 LdrInitializeThunk 415->417 428 f2949b-f294b8 417->428 429 f29358-f29372 417->429 441 f294bd-f294c6 428->441 429->428 432 f29378-f29392 429->432 435 f29394-f29396 432->435 436 f29398 432->436 438 f2939b-f293f6 call f2686c 435->438 436->438 448 f293f8-f293fa 438->448 449 f293fc 438->449 450 f293ff-f29499 call f2686c 448->450 449->450 450->441 468->408 469->408
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000008.00000002.4510476229.0000000000F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F20000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_f20000_kmk.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: LRjq$LRjq
                          • API String ID: 2994545307-348097489
                          • Opcode ID: f7ee47d313158f3269840bf29623035615048b459e8f3ba482726b45750286aa
                          • Instruction ID: 4835169aebed89aea0899bdf8f22039adc49ff9b8ff123b94ebcf8e5f2913ab7
                          • Opcode Fuzzy Hash: f7ee47d313158f3269840bf29623035615048b459e8f3ba482726b45750286aa
                          • Instruction Fuzzy Hash: 6371B131F042149FCB05EB74E854AAE77F5AF89310F14856AE506EB296EF74DC098760
                          Function 00F292E8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 148libraryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 470 f292e8-f2931f call f28ee8 476 f29327-f2932d 470->476 477 f29334 476->477 478 f2933b-f29352 LdrInitializeThunk 477->478 479 f2949b-f294b8 478->479 480 f29358-f29372 478->480 492 f294bd-f294c6 479->492 480->479 483 f29378-f29392 480->483 486 f29394-f29396 483->486 487 f29398 483->487 489 f2939b-f293f6 call f2686c 486->489 487->489 499 f293f8-f293fa 489->499 500 f293fc 489->500 501 f293ff-f29499 call f2686c 499->501 500->501 501->492
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000008.00000002.4510476229.0000000000F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F20000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_f20000_kmk.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: LRjq$LRjq
                          • API String ID: 2994545307-348097489
                          • Opcode ID: 8b96d79a8cff894a9a590d0f32d23f956d50a458df36b608471ed144df89d376
                          • Instruction ID: 1227d0f40c7e6e7b6d09d6b64c481b183373f690d4100cd8e04f57cf977062f5
                          • Opcode Fuzzy Hash: 8b96d79a8cff894a9a590d0f32d23f956d50a458df36b608471ed144df89d376
                          • Instruction Fuzzy Hash: 3D519371E002059FCB04EFB5D945AAEB7B9FF84300F148969E502AB295EF74EC08C760
                          Function 00E55320 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 309COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 519 e55320-e55356 522 e553a7-e553af 519->522 523 e55358-e5536f 519->523 524 e553f5-e5543e call e546ec 522->524 525 e553b1-e553b6 call e546e0 522->525 529 e55371-e55377 523->529 530 e55379 523->530 549 e55444-e5548f 524->549 550 e555eb-e5561d 524->550 528 e553bb-e553f0 525->528 542 e55492-e55494 528->542 532 e5537f-e55385 call e53aec 529->532 530->532 536 e5538a-e553a1 call e546d4 532->536 536->522 543 e555bd-e555e4 536->543 611 e55497 call e55929 542->611 612 e55497 call e55938 542->612 543->550 545 e5549d-e554eb call e53aec call e546f8 571 e554f0-e554f4 545->571 549->542 566 e55624-e55668 550->566 580 e556a4-e556d0 566->580 581 e5566a-e556a1 566->581 573 e555b1-e555bc 571->573 574 e554fa-e55507 571->574 578 e555ad-e555af 574->578 579 e5550d-e5553a call e53aec call e546ec 574->579 578->566 578->573 579->578 594 e5553c-e5554a 579->594 583 e556d2-e556d5 580->583 584 e556d8-e55703 GetModuleHandleW 580->584 581->580 583->584 586 e55705-e5570b 584->586 587 e5570c-e55720 584->587 586->587 594->578 595 e5554c-e55563 call e53aec call e54704 594->595 600 e55565-e5556e call e546f8 595->600 601 e55570-e5559f call e546f8 595->601 600->578 601->578 609 e555a1-e555ab 601->609 609->578 609->601 611->545 612->545
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00E556F6
                          Strings
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509278436.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e50000_kmk.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID: #"
                          • API String ID: 4139908857-2415436313
                          • Opcode ID: 42019d8dcd1993599b17c11ae4906f37508bdf72bca0daac0f941cd9b11b7432
                          • Instruction ID: 077c5492d4f27344b338293d6d8fec7f01d6c0133ca26b99ccde3f84592d0caa
                          • Opcode Fuzzy Hash: 42019d8dcd1993599b17c11ae4906f37508bdf72bca0daac0f941cd9b11b7432
                          • Instruction Fuzzy Hash: 5FC19F71A007458FCB14DF69C490A6EBBF6FF89304B108969D805EB356EB74E949CB90
                          Function 00E5672D Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1573 e5672d-e5679e 1574 e567a0-e567a6 1573->1574 1575 e567a9-e567b0 1573->1575 1574->1575 1576 e567b2-e567b8 1575->1576 1577 e567bb-e567f3 1575->1577 1576->1577 1578 e567fb-e5685a CreateWindowExW 1577->1578 1579 e56863-e5689b 1578->1579 1580 e5685c-e56862 1578->1580 1584 e5689d-e568a0 1579->1584 1585 e568a8 1579->1585 1580->1579 1584->1585 1586 e568a9 1585->1586 1586->1586
                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00E5684A
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509278436.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e50000_kmk.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0
                          • Opcode ID: e259a7721c2fde83b47ce09ac26d8336dfeb6dc8ccf7808ad64386f9a3d34148
                          • Instruction ID: 14a307463b99fa83ceae8cd74df13106ba55d4a8f9bb6e1ae73e753b03a5f5c4
                          • Opcode Fuzzy Hash: e259a7721c2fde83b47ce09ac26d8336dfeb6dc8ccf7808ad64386f9a3d34148
                          • Instruction Fuzzy Hash: 1551DFB1D10319DFDB14CF99C984ADEBBB5BF88314F64852AE818AB210D7759845CF90
                          Function 00E56738 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1587 e56738-e5679e 1588 e567a0-e567a6 1587->1588 1589 e567a9-e567b0 1587->1589 1588->1589 1590 e567b2-e567b8 1589->1590 1591 e567bb-e5685a CreateWindowExW 1589->1591 1590->1591 1593 e56863-e5689b 1591->1593 1594 e5685c-e56862 1591->1594 1598 e5689d-e568a0 1593->1598 1599 e568a8 1593->1599 1594->1593 1598->1599 1600 e568a9 1599->1600 1600->1600
                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00E5684A
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509278436.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e50000_kmk.jbxd
                          Similarity
                          • API ID: CreateWindow
                          • String ID:
                          • API String ID: 716092398-0
                          • Opcode ID: 8a854b4ec3e74a96e75f7ced4258ddbe38dee485f2c4664838f242d969c6be24
                          • Instruction ID: 551648d1ef4527be8e579f1630d68e903a02dbea0fcb5c5dda345735e4da00a9
                          • Opcode Fuzzy Hash: 8a854b4ec3e74a96e75f7ced4258ddbe38dee485f2c4664838f242d969c6be24
                          • Instruction Fuzzy Hash: 1041B0B1D10309DFDB14CF9AC984ADEBBB5BF48314F64852AE819AB210D775A845CF90
                          Function 00E5A16C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1601 e5a16c-e5b534 1604 e5b5e4-e5b604 call e547ac 1601->1604 1605 e5b53a-e5b53f 1601->1605 1612 e5b607-e5b614 1604->1612 1607 e5b541-e5b578 1605->1607 1608 e5b592-e5b5ca CallWindowProcW 1605->1608 1614 e5b581-e5b590 1607->1614 1615 e5b57a-e5b580 1607->1615 1610 e5b5d3-e5b5e2 1608->1610 1611 e5b5cc-e5b5d2 1608->1611 1610->1612 1611->1610 1614->1612 1615->1614
                          APIs
                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 00E5B5B9
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509278436.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e50000_kmk.jbxd
                          Similarity
                          • API ID: CallProcWindow
                          • String ID:
                          • API String ID: 2714655100-0
                          • Opcode ID: e55a2a92da2ecef8741acbb9d27f69bcd8d0224cb800b5d22f74955840b2cda4
                          • Instruction ID: 9778e2eda6da4ba974f2f04f872ea00968e69735fae9570821b994e699e025e4
                          • Opcode Fuzzy Hash: e55a2a92da2ecef8741acbb9d27f69bcd8d0224cb800b5d22f74955840b2cda4
                          • Instruction Fuzzy Hash: F0413DB5900309CFCB14CF99C448AAABBF5FF88315F24C859D919A7321D774A845CFA0
                          Function 00E5A630 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1618 e5a630-e5a631 1619 e5a633-e5a636 1618->1619 1620 e5a638-e5a6cc DuplicateHandle 1618->1620 1619->1620 1621 e5a6d5-e5a6f2 1620->1621 1622 e5a6ce-e5a6d4 1620->1622 1622->1621
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E5A6BF
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509278436.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e50000_kmk.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: 0a60a113c55ec50469fa14693348a048e5c8d0f550b1e1ea07ffe9ddfa1016d8
                          • Instruction ID: 4a93fdb9707a798dc6cda740ba2a500702cf49066c7f5b0be22d420360c28d48
                          • Opcode Fuzzy Hash: 0a60a113c55ec50469fa14693348a048e5c8d0f550b1e1ea07ffe9ddfa1016d8
                          • Instruction Fuzzy Hash: 6321E5B59012089FDB10CFAAD985ADEBFF8EB48310F14841AE918B3310D378A944CFA5
                          Function 00E5A638 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                          Download Yara Rule
                          APIs
                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E5A6BF
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509278436.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e50000_kmk.jbxd
                          Similarity
                          • API ID: DuplicateHandle
                          • String ID:
                          • API String ID: 3793708945-0
                          • Opcode ID: 245ccae17c03b782bd77145373738de351298201dcdc1e37c5b40f59911fa59c
                          • Instruction ID: e576e37861240980cd70445f148caeb79339601b12ba1bffb374c9bf81afc987
                          • Opcode Fuzzy Hash: 245ccae17c03b782bd77145373738de351298201dcdc1e37c5b40f59911fa59c
                          • Instruction Fuzzy Hash: 9F21C4B59002489FDB10CF9AD584ADEBFF9FB48314F14841AE918A3350D378A954CFA5
                          Function 00F26878 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                          Download Yara Rule
                          APIs
                          • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 00F2A2C3
                          Memory Dump Source
                          • Source File: 00000008.00000002.4510476229.0000000000F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F20000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_f20000_kmk.jbxd
                          Similarity
                          • API ID: HookWindows
                          • String ID:
                          • API String ID: 2559412058-0
                          • Opcode ID: 9454d62c9b914055d0a35d389418eb4e21bd22abd60bb04856b9c518f1cdde53
                          • Instruction ID: 36286f7d84ae72ad5e69a1dac90b0cfad561dfac30f4a2eb0942b747b59e0cdd
                          • Opcode Fuzzy Hash: 9454d62c9b914055d0a35d389418eb4e21bd22abd60bb04856b9c518f1cdde53
                          • Instruction Fuzzy Hash: A32102B1D00219DFCB14DF9AD944BEEBBF5EB88320F14842AE419A7290C775A944DFA1
                          Function 00F2A240 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                          Download Yara Rule
                          APIs
                          • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 00F2A2C3
                          Memory Dump Source
                          • Source File: 00000008.00000002.4510476229.0000000000F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F20000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_f20000_kmk.jbxd
                          Similarity
                          • API ID: HookWindows
                          • String ID:
                          • API String ID: 2559412058-0
                          • Opcode ID: cca5a7c7896473623448f546ee6746108c365f983398782302d0f0cbeb81bffb
                          • Instruction ID: a289d901ee35997e5ff32f1833a9fad191a3c4036d273ef23f7469640e432357
                          • Opcode Fuzzy Hash: cca5a7c7896473623448f546ee6746108c365f983398782302d0f0cbeb81bffb
                          • Instruction Fuzzy Hash: 6F2135B1D00209CFCB14CF99D944BEEBBF5BF88320F10842AE459A3294C775A944CFA1
                          Function 00E53AEC Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00E556F6
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509278436.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e50000_kmk.jbxd
                          Similarity
                          • API ID: HandleModule
                          • String ID:
                          • API String ID: 4139908857-0
                          • Opcode ID: db8a58d5adc9978a30b3c66e0835f2482960c216654774134d03e0f90e5218fa
                          • Instruction ID: 0f59f5ad4313f9ea1f3b311a0e6510ce03fa8690f2a57e163991311efa4b38b3
                          • Opcode Fuzzy Hash: db8a58d5adc9978a30b3c66e0835f2482960c216654774134d03e0f90e5218fa
                          • Instruction Fuzzy Hash: D511F3B6C007498FCB10DF9AC444A9EFBF4EB49314F10845AD829B7210C3B9A545CFA5
                          Function 00EF1718 Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: Hnq
                          • API String ID: 0-2896580000
                          • Opcode ID: e1f3041ee2ae9bc7b78df8fcf03061da138b15b6c395013af8d22c3b5afb9d5f
                          • Instruction ID: 82d9e7aa824ac5ab8a16d87229793610945b303f2a9008d3fd7568e29473447b
                          • Opcode Fuzzy Hash: e1f3041ee2ae9bc7b78df8fcf03061da138b15b6c395013af8d22c3b5afb9d5f
                          • Instruction Fuzzy Hash: DE41E3317042588FCB15AF29D8146BE3FF2EF86311B0544AAF94ADB392CA34CD15D761
                          Function 00EF8540 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHjq
                          • API String ID: 0-751881793
                          • Opcode ID: be5f09cd63e0b1ed4d154adb29464650bc307a41a63268db56d0bfa942ba9a22
                          • Instruction ID: 8be52f23d2c7ea4b3460c388ad1ba81896cb713c697e412b539806be27909545
                          • Opcode Fuzzy Hash: be5f09cd63e0b1ed4d154adb29464650bc307a41a63268db56d0bfa942ba9a22
                          • Instruction Fuzzy Hash: 1E31A431B001088FCB05AF79DA546AEBBF6EF88300B158429D506EB3A4DF74ED45CBA1
                          Function 00EF8531 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHjq
                          • API String ID: 0-751881793
                          • Opcode ID: ecc305c55ff2d1d2f1c320aad9d1829dbf3ef86d13341736a7fdfe8c2fcb80b1
                          • Instruction ID: b486991a28de3d7801554f667073408160e57277fae48348fec9b55422f88695
                          • Opcode Fuzzy Hash: ecc305c55ff2d1d2f1c320aad9d1829dbf3ef86d13341736a7fdfe8c2fcb80b1
                          • Instruction Fuzzy Hash: 5231D631B001088FCB05AF79DA546AEBBB6EF88300B158429D506FB3A4DF74ED45CBA1
                          Function 00EF87E0 Relevance: .9, Instructions: 900COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3736f3a2f2193aca423d85b6243ddb7ad1f19bf2080449abf856788be808e409
                          • Instruction ID: 07ca13de17488cd613fa07f1318d0a39afb7382825c87897be5b0b1fc2d81182
                          • Opcode Fuzzy Hash: 3736f3a2f2193aca423d85b6243ddb7ad1f19bf2080449abf856788be808e409
                          • Instruction Fuzzy Hash: 49825734A002088FDB64DF68C588BADB7F2EF45314F5499A9E509EB361DB35DC85CB50
                          Function 00EF0D80 Relevance: .4, Instructions: 410COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f85f5d14e7eefabd17802144006a7b48b2dd9092b266ea71da7233c422bf2ad4
                          • Instruction ID: 1d235789b83ba156bf7eb8611670bf3e6a58d8140e1ec96762cad12b72b689b9
                          • Opcode Fuzzy Hash: f85f5d14e7eefabd17802144006a7b48b2dd9092b266ea71da7233c422bf2ad4
                          • Instruction Fuzzy Hash: 58F12D75B00218CFCB15CF68D984AADBBF6BF88314F169599E615AB362CB31EC41CB50
                          Function 00EF8F68 Relevance: .4, Instructions: 371COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 40a51052ad079759a2d8891a798f524b52111c5bf7a982ded4486a30c1f62ef7
                          • Instruction ID: 8c6d11ebbf9c52a9dc16bb6cca6ff6f531ebdfe01a6b47844092f4f4f2c5281a
                          • Opcode Fuzzy Hash: 40a51052ad079759a2d8891a798f524b52111c5bf7a982ded4486a30c1f62ef7
                          • Instruction Fuzzy Hash: 55E16834A012088FCB24EF64D548B6DBBF2EF84315F1489A9D546AB3A6DB35DC49CF90
                          Function 00EF1498 Relevance: .2, Instructions: 227COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3bd01c0ac93ae37251fb2b30af0cd75df58d8bc0e494f7814bed316eff3fa72f
                          • Instruction ID: 9f9e5d2145d23118734a5e106ec8ff0c4f2626e5e70f584447bc4f5aff894495
                          • Opcode Fuzzy Hash: 3bd01c0ac93ae37251fb2b30af0cd75df58d8bc0e494f7814bed316eff3fa72f
                          • Instruction Fuzzy Hash: B6917071A0025DCFCB11CF68C894AAEBBB5EF94314F1684A9E915EB262C731ED41CB90
                          Function 00EFB3E0 Relevance: .2, Instructions: 207COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 758761c5b54b7df86895415cd8dda2d85342d63af8c7706275b3e595ef7c7118
                          • Instruction ID: 238f6f520163499a7fa6b3b3395d02331448e6e7fc477438c5a682e17f0b05a8
                          • Opcode Fuzzy Hash: 758761c5b54b7df86895415cd8dda2d85342d63af8c7706275b3e595ef7c7118
                          • Instruction Fuzzy Hash: B671C770B002488BDB14DF69C9847ADBBE6EF88318F24C1AAD509AF396E775CC45C751
                          Function 00EFB2E1 Relevance: .2, Instructions: 164COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2e2ebd670fc60edc182eed5d9732ba763dc7aa187de6b20e3ee0bdd92459c0a8
                          • Instruction ID: faae33e5efdcee38ce2829c161002f34a36328df3fc764f0a9d7ca26fda077f3
                          • Opcode Fuzzy Hash: 2e2ebd670fc60edc182eed5d9732ba763dc7aa187de6b20e3ee0bdd92459c0a8
                          • Instruction Fuzzy Hash: DF51C7307093C44FD7129328D9947697FA28B46308F28D4EAD5499F697E77ACC0A8362
                          Function 00EFA348 Relevance: .1, Instructions: 115COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6269f39f701c7ac511b7e5dc6d3106a344e44ee8b2c599c001dd6b4a4c11f098
                          • Instruction ID: 6280198b3f1678b73a90222a81ded8efef4d52ab810a8c1af0d0491d3939ba2f
                          • Opcode Fuzzy Hash: 6269f39f701c7ac511b7e5dc6d3106a344e44ee8b2c599c001dd6b4a4c11f098
                          • Instruction Fuzzy Hash: 7A412671F082458FDB019BB898442AE7BF19F48340F1880B6DA49FB351EA74DC458BA2
                          Function 00EF7A99 Relevance: .1, Instructions: 103COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d254b6adaeb51bc0583cf1a98d6abfa9fa40b4135d958a2d3db2b86a110e4a29
                          • Instruction ID: ec0388e3c128120ef073cc90eba081f15f5a564080d30bbf45870bba66646ce8
                          • Opcode Fuzzy Hash: d254b6adaeb51bc0583cf1a98d6abfa9fa40b4135d958a2d3db2b86a110e4a29
                          • Instruction Fuzzy Hash: 9E31E631B4D3844FDB029778882866A7FB28F86305F1541FAD585DB793EA39CD068752
                          Function 00EFA3A8 Relevance: .1, Instructions: 93COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4419fb9ebd15aafd8c940233e58e0505a0a6c7df2c0c04030fd316fc3fba5d4a
                          • Instruction ID: 2af963d55f1b165d3e1769b6c65089354c910f7dfab58c77727329bbda90ba04
                          • Opcode Fuzzy Hash: 4419fb9ebd15aafd8c940233e58e0505a0a6c7df2c0c04030fd316fc3fba5d4a
                          • Instruction Fuzzy Hash: 4431F371F002198FCB10ABB998086AE7BF1AF88340F148435E909FB354EF70DC448BA1
                          Function 00EF94CA Relevance: .1, Instructions: 91COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5c1154b10971769724f223505f17c488622489e115e510413479e7d622a930d0
                          • Instruction ID: 4fee1629f90c7764a86800b57f531878e7c1ae93722e18d46bb9588bc553dd07
                          • Opcode Fuzzy Hash: 5c1154b10971769724f223505f17c488622489e115e510413479e7d622a930d0
                          • Instruction Fuzzy Hash: 0931C535B042494FCB42EB7CD850ABE7BF1AB89310B119076D249E7356EA34DC0687A1
                          Function 00EFA226 Relevance: .1, Instructions: 87COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bccf7e809ceddc8fa459d9387de452ef48300bcafcf2f24210e2f61346e5be95
                          • Instruction ID: 34c8ee4b1136c65733bc28587087c3a44b52e60802b43f5f6e740bc4d1114182
                          • Opcode Fuzzy Hash: bccf7e809ceddc8fa459d9387de452ef48300bcafcf2f24210e2f61346e5be95
                          • Instruction Fuzzy Hash: 6F31E571F053088FCB41EB7CD8146BE77F1AB85300B14847AD109EB356EA39ED0687A2
                          Function 00E0D01C Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4508834485.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e0d000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ad8eba4030ff1ceef2b9280eaa835b05095ba6b813a69ad368b1c49545f03cee
                          • Instruction ID: 845d7ddb80b441fce15e9cf83ebaf8f893378956ff9ef6549fb073144c91a875
                          • Opcode Fuzzy Hash: ad8eba4030ff1ceef2b9280eaa835b05095ba6b813a69ad368b1c49545f03cee
                          • Instruction Fuzzy Hash: EC212271608200DFCB14DF64D980B26BF66FB88318F20C569D84E5B296C33AD887CB62
                          Function 00EF7B48 Relevance: .1, Instructions: 64COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 821681387c1504edb18f2ce93405161cc7c1e1a4bab3ace5a58732630d28cbcd
                          • Instruction ID: 4c42c5f13b23096bad22fe6aebd3b4c061edc95a120169aa7df624df5ddb6281
                          • Opcode Fuzzy Hash: 821681387c1504edb18f2ce93405161cc7c1e1a4bab3ace5a58732630d28cbcd
                          • Instruction Fuzzy Hash: CA11B231B041184BCF19ABB8E8186AEB7E6EFC8311B014938E906F7394EF399C0587D1
                          Function 00EFB1F9 Relevance: .1, Instructions: 62COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 64417c851dbdaf7728e3ef6ad5a124f00a0a93f99e1af1605e9f451c6a389a50
                          • Instruction ID: ed7417979bdb51015004d92ae6faa33e767e827f797ff14ce884fcf5dae50ec5
                          • Opcode Fuzzy Hash: 64417c851dbdaf7728e3ef6ad5a124f00a0a93f99e1af1605e9f451c6a389a50
                          • Instruction Fuzzy Hash: 0211E671F093454FC702AB7888196AE7FF19F45300F0944FAD959EB356EA388D06CB92
                          Function 00E0D005 Relevance: .1, Instructions: 62COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4508834485.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_e0d000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e2a37123b7b4255b60a15e701cfcab6f5950fa700fc61e4ebdb390f24398de62
                          • Instruction ID: 0bd6add6334a8fb5f97a11a1c02f2cd266b29e3da6904cdf6da137bf86ee697a
                          • Opcode Fuzzy Hash: e2a37123b7b4255b60a15e701cfcab6f5950fa700fc61e4ebdb390f24398de62
                          • Instruction Fuzzy Hash: 5B21837550D3808FC702CF24D994715BF71EB46314F28C5DAD8498B6A7C33A984ACB62
                          Function 00EF8470 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bca860c66d8b0eb37038f39805295ae078015a125c0473adb9ced2c101c28bd9
                          • Instruction ID: b0205b41577015c3681a8d5bca497e5bc071abda322ba91fdfbf85eb37e82837
                          • Opcode Fuzzy Hash: bca860c66d8b0eb37038f39805295ae078015a125c0473adb9ced2c101c28bd9
                          • Instruction Fuzzy Hash: 68111C79F012198FCB41EFBCE844AAE77F5FB88210B108529E509E3314EF349D058B91
                          Function 00EF9408 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aa7ba9f113493eef6eae69ed6fc68f2aef9eaf800377a19905ee91f095a8325b
                          • Instruction ID: 7d41d8c9b5cc8d5bf8986326fabde050dd21afcb2e8418b368b985d8b82ff4b0
                          • Opcode Fuzzy Hash: aa7ba9f113493eef6eae69ed6fc68f2aef9eaf800377a19905ee91f095a8325b
                          • Instruction Fuzzy Hash: C3113035F001198FCB80EF7CD840AAE77F6AB887107108029E109E7355EF34AD058B91
                          Function 00EF7192 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 25e1fc22b4a38c7fb87b6694b41f2e802bbe5674514c47e9e664d0cd7f90f5a5
                          • Instruction ID: dbc066d91dacecb42b541ca6048e1a6d66965ec8eb607d92aad8100e524cef92
                          • Opcode Fuzzy Hash: 25e1fc22b4a38c7fb87b6694b41f2e802bbe5674514c47e9e664d0cd7f90f5a5
                          • Instruction Fuzzy Hash: B5113D70E042198FCB04DFA8E5849EEBBF1FF88314F209529D504E7214D731A985CBA4
                          Function 00EF9528 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5c25e3b7f4598ae11c45cdd9b235fac819e0edfa590b761179d218efdca39f8e
                          • Instruction ID: 407b8abdd783268ec804e54e62dbb5e571b2c8762c73743d2f62f7fa68cc1dc5
                          • Opcode Fuzzy Hash: 5c25e3b7f4598ae11c45cdd9b235fac819e0edfa590b761179d218efdca39f8e
                          • Instruction Fuzzy Hash: D0113C35F002198FCB81EFBCD841AAE77F6AB88750B109029E209E7355EF34AD058B91
                          Function 00EFA288 Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 51c977c7ac7924d3ece34dfce00baa909bc5e7c6d5a0d5f83df7148170d35979
                          • Instruction ID: a20f2496f879a4158cb76698e0c8560278db60318ca8141af57d730bb5499bfb
                          • Opcode Fuzzy Hash: 51c977c7ac7924d3ece34dfce00baa909bc5e7c6d5a0d5f83df7148170d35979
                          • Instruction Fuzzy Hash: 12113C75F002199FCB81EBBCD854AAE77F6AB88710B208529E109F7354EF34AD058B91
                          Function 00EF846C Relevance: .1, Instructions: 51COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f7d4729ae826968553fe4d15d95f10a45db5169651138443fda730d0c7c0e087
                          • Instruction ID: 4b1e868123fbdf5d505744c590efcb474979306addf7641c6c4aee4e4bc95069
                          • Opcode Fuzzy Hash: f7d4729ae826968553fe4d15d95f10a45db5169651138443fda730d0c7c0e087
                          • Instruction Fuzzy Hash: 41111C79F012158FCB41EFBCE944AAE77F5BB88210B10852AE509E3314EB349D068B90
                          Function 00EFB689 Relevance: .0, Instructions: 35COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 261703b3c07ae3db6f4592371b3313b943f3a34ec055efaadcab1408dee7599d
                          • Instruction ID: a68eb8f8f741bca733dcd1562736341b4f5f52e7223530e079a52dc5fccb9b6c
                          • Opcode Fuzzy Hash: 261703b3c07ae3db6f4592371b3313b943f3a34ec055efaadcab1408dee7599d
                          • Instruction Fuzzy Hash: C8013C30649389CFDB02DB25C958AA97BF5AF0A314F2A519AD102FB7B2C7258D05CB61
                          Function 00EFB258 Relevance: .0, Instructions: 33COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c1d1bc1a46aeaeac32c2630907b9da8a47dd8157af27a9220fb2c26d8f5a319d
                          • Instruction ID: 4c890d8ca9b8f5392639b4349229bc50a2bff988685af40395e88cbfdfe9ad16
                          • Opcode Fuzzy Hash: c1d1bc1a46aeaeac32c2630907b9da8a47dd8157af27a9220fb2c26d8f5a319d
                          • Instruction Fuzzy Hash: ABF08271F041195FCB40BBB998082AF7AF9DB88250B000475D94AE3304EA349E0187D1
                          Function 00EF6CC8 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8180149125a081d0938d58cef775310707ead6fe34b2321c0ef4723998ad8317
                          • Instruction ID: 1795aa5bfea0a8531d304d276949ecc96d1c8e29f7475f97dd4a3bea56b2168d
                          • Opcode Fuzzy Hash: 8180149125a081d0938d58cef775310707ead6fe34b2321c0ef4723998ad8317
                          • Instruction Fuzzy Hash: E2E01272E041199F8780ABADA8056EF7BF8EA8C251B110576E509E3200E6704A158BD1
                          Function 00EF84D1 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ffd1ea260e9cd543b8f1324b45cf145257de6e187cc0aa50fb1961dabaaa20d0
                          • Instruction ID: 698723baff9c3ca21d437c5e4a018f31f08996a62454dbd52085fc81314a23a4
                          • Opcode Fuzzy Hash: ffd1ea260e9cd543b8f1324b45cf145257de6e187cc0aa50fb1961dabaaa20d0
                          • Instruction Fuzzy Hash: BEE03939B411188BCF04EBB8E9585DCB3F1EFC8311B108425E805E3324EE349C158B51
                          Function 00EF9467 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b57caa2277a65783a977c79ae171d48d1588eff016f5a3df155811d487e9cd3b
                          • Instruction ID: 13c42014fb1a9f9512705e8eb191e94beb6c33abe2d25ec8bf75127d3326326c
                          • Opcode Fuzzy Hash: b57caa2277a65783a977c79ae171d48d1588eff016f5a3df155811d487e9cd3b
                          • Instruction Fuzzy Hash: 04E0C935B101288BCF54EBB8D9559ADB3E2ABC8721B109424E505F7365EE289C058751
                          Function 00EF9587 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ddc35c1c02b8938b4d8981b4810c6d21e8894623c77904445e6bece2f5618067
                          • Instruction ID: 28669a576027a02f0fd6cc799224d37dadf68776e8ea1b074fc3fb4a2accb56f
                          • Opcode Fuzzy Hash: ddc35c1c02b8938b4d8981b4810c6d21e8894623c77904445e6bece2f5618067
                          • Instruction Fuzzy Hash: 1AE03236B040188BCF40EBB8D8119ADB3E2ABC8361B10A025E509F7225EE28AC058B61
                          Function 00EFA2E7 Relevance: .0, Instructions: 25COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2ee0a04ae382564e481ce027b3d1b730a4be6b32b5624c99e925297df5e8e751
                          • Instruction ID: 480fa782baa6c54e265e5facc2a93f180e3fecec902e830c1c89eafb13a4b16e
                          • Opcode Fuzzy Hash: 2ee0a04ae382564e481ce027b3d1b730a4be6b32b5624c99e925297df5e8e751
                          • Instruction Fuzzy Hash: 7AE03935F001188BCF40EBB8D8515AC73E1AB88721B109424E509F7324EE289C058751
                          Function 00EF0C75 Relevance: .0, Instructions: 16COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000008.00000002.4509844219.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_ef0000_kmk.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6578db156ccbfcd48bce53442c346db2f07c16bebd9a234bb3d1a3c909ffb941
                          • Instruction ID: 74fbf6cda35c317e2bfb9c739fe89d29ee6f66db6116cc63b76e89e8f403d100
                          • Opcode Fuzzy Hash: 6578db156ccbfcd48bce53442c346db2f07c16bebd9a234bb3d1a3c909ffb941
                          • Instruction Fuzzy Hash: 79D0677AB400189FCB049F99E8409DDFB76FB98221F048516E915A3261C6319965DB50