Edit tour

Windows Analysis Report
Turkiye_2023_order_hitado_pdf.exe

Overview

General Information

Sample Name:	Turkiye_2023_order_hitado_pdf.exe
Analysis ID:	1313695
MD5:	4649f9a0a86c4cd85493e581676597ed
SHA1:	03b06aa5a25bb6db5b18d5a31f0f2d26d4909f06
SHA256:	751dbee7818c202e60ffa8d060cc3c7c05e4ccda824569381c01a948364a8a96
Tags:	exe
Infos:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Installs a global keyboard hook

Tries to steal Mail credentials (via file / registry access)

Initial sample is a PE file and has a suspicious name

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Contains functionality to log keystrokes (.Net Source)

Machine Learning detection for sample

May check the online IP address of the machine

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Yara detected Credential Stealer

Contains long sleeps (>= 3 min)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

Uses a known web browser user agent for HTTP communication

Creates a window with clipboard capturing capabilities

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Creates a process in suspended mode (likely to inject code)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

Turkiye_2023_order_hitado_pdf.exe (PID: 6452 cmdline: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe MD5: 4649F9A0A86C4CD85493E581676597ED)

Turkiye_2023_order_hitado_pdf.exe (PID: 5208 cmdline: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe MD5: 4649F9A0A86C4CD85493E581676597ED)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/ https://blog.apnic.net/2022/03/31/how-to-detect-and-prevent-common-data-exfiltration-attacks/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Host": "nl9.nlkoddos.com", "Username": "cm1@avindarou.net", "Password": "f=g^~XO{Pk7s"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000004.00000002.476429792.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000000.00000002.282051451.000000000314C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.282500292.0000000006900000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.282051451.000000000333B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.282051451.0000000003350000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.282051451.0000000003338000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.282051451.0000000003291000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.282195758.000000000416C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.282195758.000000000416C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
Process Memory Space: Turkiye_2023_order_hitado_pdf.exe PID: 6452	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
decrypted.memstr	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0.2.Turkiye_2023_order_hitado_pdf.exe.421ab6d.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Turkiye_2023_order_hitado_pdf.exe.425aa40.9.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Turkiye_2023_order_hitado_pdf.exe.6900000.14.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Turkiye_2023_order_hitado_pdf.exe.421ab6d.8.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Turkiye_2023_order_hitado_pdf.exe.41fab4d.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Turkiye_2023_order_hitado_pdf.exe.6900000.14.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.Turkiye_2023_order_hitado_pdf.exe.400000.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0.2.Turkiye_2023_order_hitado_pdf.exe.425aa40.9.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
Click to see the 6 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Host": "nl9.nlkoddos.com", "Username": "cm1@avindarou.net", "Password": "f=g^~XO{Pk7s"}

Multi AV Scanner detection for submitted file

Source: Turkiye_2023_order_hitado_pdf.exe

ReversingLabs: Detection: 18%

Machine Learning detection for sample

Source: Turkiye_2023_order_hitado_pdf.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: /log.tmp
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>[
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: yyyy-MM-dd HH:mm:ss
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ]<br>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Time:
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: MM/dd/yyyy HH:mm:ss
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>User Name:
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>Computer Name:
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>OSFullName:
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>CPU:
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>RAM:
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: IP Address:
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <hr>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: New
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: MM/dd/yyyy HH:mm:ss
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: IP Address:
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: true
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: https://api.ipify.org
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: true
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: true
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: true
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: false
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: false
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: false
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: true
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: false
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: nl9.nlkoddos.com
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: cm1@avindarou.net
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: f=g^~XO{Pk7s
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: cm2@avindarou.net
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: false
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: false
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: appdata
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ffzCyN
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ffzCyN.exe
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ffzCyN
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Type
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <hr>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <b>[
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ]</b> (
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: )<br>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {BACK}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {ALT+TAB}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {ALT+F4}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {TAB}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {ESC}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {Win}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {CAPSLOCK}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {KEYUP}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {KEYDOWN}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {KEYLEFT}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {KEYRIGHT}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {DEL}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {END}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {HOME}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {Insert}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {NumLock}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {PageDown}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {PageUp}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {ENTER}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F1}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F2}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F3}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F4}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F5}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F6}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F7}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F8}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F9}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F10}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F11}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {F12}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: control
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {CTRL}
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: &
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: >
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: "
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <br><hr>Copied Text: <br>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <hr>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: logins
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: IE/Edge
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Windows Secure Note
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: 3CCD5499-87A8-4B10-A215-608888DD3B55
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Windows Web Password Credential
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: 154E23D0-C644-4E6F-8CE6-5069272F999F
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Windows Credential Picker Protector
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Web Credentials
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Windows Credentials
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Windows Domain Certificate Credential
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: 3E0E35BE-1B77-43E7-B873-AED901B6275B
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Windows Domain Password Credential
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Windows Extended Credential
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: 00000000-0000-0000-0000-000000000000
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SchemaId
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: pResourceElement
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: pIdentityElement
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: pPackageSid
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: pAuthenticatorElement
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: IE/Edge
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UC Browser
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UCBrowser\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Login Data
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: journal
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: wow_logins
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Safari for Windows
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Common Files\Apple\Apple Application Support\plutil.exe
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Apple Computer\Preferences\keychain.plist
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <array>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <dict>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <string>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </string>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <string>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </string>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <data>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </data>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: -convert xml1 -s -o "
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \fixed_keychain.xml"
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Microsoft\Credentials\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Microsoft\Credentials\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Microsoft\Credentials\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Microsoft\Credentials\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Microsoft\Protect\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: credential
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: QQ Browser
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Tencent\QQBrowser\User Data
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Default\EncryptedStorage
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Profile
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \EncryptedStorage
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: entries
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: category
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: str3
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: str2
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: blob0
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: password_value
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: IncrediMail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: PopPassword
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SmtpPassword
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\IncrediMail\Identities\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Accounts_New
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: PopPassword
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SmtpPassword
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SmtpServer
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: EmailAddress
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Eudora
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\Qualcomm\Eudora\CommandLine\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: current
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Settings
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SavePasswordText
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Settings
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ReturnAddress
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Falkon Browser
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \falkon\profiles\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: profiles.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: startProfile=([A-z0-9\/\.\"]+)
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: profiles.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \browsedata.db
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: autofill
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ClawsMail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Claws-mail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \clawsrc
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \clawsrc
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: passkey0
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: master_passphrase_salt=(.+)
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: master_passphrase_pbkdf2_rounds=(.+)
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \accountrc
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: smtp_server
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: address
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: account
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \passwordstorerc
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: {(.),(.)}(.*)
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Flock Browser
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: APPDATA
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Flock\Browser\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: signons3.txt
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: DynDns
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ALLUSERSPROFILE
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Dyn\Updater\config.dyndns
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: username=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: password=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: https://account.dyn.com/
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: t6KzXhCh
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ALLUSERSPROFILE
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Dyn\Updater\daemon.cfg
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: global
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: accounts
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: account.
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: username
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: account.
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Psi/Psi+
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: name
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Psi/Psi+
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: APPDATA
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Psi\profiles
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: APPDATA
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Psi+\profiles
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \accounts.xml
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \accounts.xml
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: OpenVPN
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\OpenVPN-GUI\configs
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\OpenVPN-GUI\configs
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\OpenVPN-GUI\configs\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: username
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: auth-data
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: entropy
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: USERPROFILE
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \OpenVPN\config\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: remote
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: remote
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: NordVPN
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: NordVPN
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: NordVpn.exe*
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: user.config
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: //setting[@name='Username']/value
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: //setting[@name='Password']/value
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: NordVPN
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Private Internet Access
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: %ProgramW6432%
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Private Internet Access\data
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ProgramFiles(x86)
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Private Internet Access\data
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \account.json
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ."username":"(.?)"
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ."password":"(.?)"
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Private Internet Access
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: privateinternetaccess.com
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: FileZilla
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: APPDATA
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \FileZilla\recentservers.xml
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: APPDATA
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \FileZilla\recentservers.xml
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <Server>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <Host>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <Host>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </Host>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <Port>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </Port>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <User>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <User>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </User>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <Pass encoding="base64">
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <Pass encoding="base64">
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </Pass>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <Pass>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <Pass encoding="base64">
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </Pass>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: CoreFTP
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SOFTWARE\FTPWare\COREFTP\Sites
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: User
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Host
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Port
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: hdfzpysvpzimorhk
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: WinSCP
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: HostName
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UserName
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: PublicKeyFile
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: PortNumber
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: [PRIVATE KEY LOCATION: "{0}"]
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: WinSCP
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ABCDEF
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Flash FXP
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: port
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: user
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: pass
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: quick.dat
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Sites.dat
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \FlashFXP\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \FlashFXP\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: yA36zA48dEhfrvghGRg57h5UlDv3
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: FTP Navigator
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SystemDrive
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \FTP Navigator\Ftplist.txt
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Server
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: No Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: User
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SmartFTP
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: APPDATA
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SmartFTP\Client 2.0\Favorites\Quick Connect
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: WS_FTP
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: appdata
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Ipswitch\WS_FTP\Sites\ws_ftp.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: HOST
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: PWD=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: PWD=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: FtpCommander
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SystemDrive
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SystemDrive
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Program Files (x86)\FTP Commander\Ftplist.txt
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SystemDrive
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \cftp\Ftplist.txt
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ;Password=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ;User=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ;Server=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ;Port=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ;Port=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ;Password=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ;User=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ;Anonymous=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: FTPGetter
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \FTPGetter\servers.xml
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <server>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <server_ip>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <server_ip>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </server_ip>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <server_port>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </server_port>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <server_user_name>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <server_user_name>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </server_user_name>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <server_user_password>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: <server_user_password>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: </server_user_password>
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: FTPGetter
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: The Bat!
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: appdata
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \The Bat!
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Account.CFN
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Account.CFN
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: +-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Becky!
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: HKEY_CURRENT_USER\Software\RimArts\B2\Settings
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: DataDir
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Folder.lst
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Mailbox.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Account
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: PassWd
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Account
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SMTPServer
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Account
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: MailAddress
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Becky!
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Outlook
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Email
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: IMAP Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: POP3 Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: HTTP Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SMTP Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Email
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Email
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Email
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: IMAP Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: POP3 Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: HTTP Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SMTP Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Server
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Windows Mail App
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: COMPlus_legacyCorruptedStateExceptionsPolicy
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\Microsoft\ActiveSync\Partners
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Email
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Server
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SchemaId
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: pResourceElement
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: pIdentityElement
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: pPackageSid
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: pAuthenticatorElement
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: syncpassword
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: mailoutgoing
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: FoxMail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Executable
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: FoxmailPath
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Storage\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Storage\
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \mail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \mail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \VirtualStore\Program Files\Foxmail\mail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \VirtualStore\Program Files\Foxmail\mail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \VirtualStore\Program Files (x86)\Foxmail\mail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \VirtualStore\Program Files (x86)\Foxmail\mail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Accounts\Account.rec0
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Accounts\Account.rec0
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Account.stg
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Account.stg
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: POP3Host
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SMTPHost
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: IncomingServer
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Account
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: MailAddress
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: POP3Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Opera Mail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Opera Mail\Opera Mail\wand.dat
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Opera Mail\Opera Mail\wand.dat
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: opera:
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz1234567890_-.~!@#$%^&*()[{]}\\|';:,<>/?+=
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: PocoMail
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: appdata
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Pocomail\accounts.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Email
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: POPPass
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SMTPPass
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SMTP
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: eM Client
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: eM Client\accounts.dat
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: eM Client
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Accounts
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: "Username":"
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: "Secret":"
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: 72905C47-F4FD-4CF7-A489-4E8121A155BD
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: "ProviderName":"
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: o6806642kbM7c5
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Mailbird
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SenderIdentities
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Accounts
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \Mailbird\Store\Store.db
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Server_Host
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Accounts
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Email
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Username
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: EncryptedPassword
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Mailbird
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: RealVNC 4.x
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SOFTWARE\Wow6432Node\RealVNC\WinVNC4
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: RealVNC 3.x
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SOFTWARE\RealVNC\vncserver
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: RealVNC 4.x
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: SOFTWARE\RealVNC\WinVNC4
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: RealVNC 3.x
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\ORL\WinVNC3
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: TightVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\TightVNC\Server
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: TightVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\TightVNC\Server
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: PasswordViewOnly
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: TightVNC ControlPassword
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\TightVNC\Server
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ControlPassword
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: TigerVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\TigerVNC\Server
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Password
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UltraVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ProgramFiles(x86)
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \uvnc bvba\UltraVNC\ultravnc.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: passwd
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UltraVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ProgramFiles(x86)
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \uvnc bvba\UltraVNC\ultravnc.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: passwd2
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UltraVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ProgramFiles
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \uvnc bvba\UltraVNC\ultravnc.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: passwd
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UltraVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ProgramFiles
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \uvnc bvba\UltraVNC\ultravnc.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: passwd2
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UltraVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ProgramFiles
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \UltraVNC\ultravnc.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: passwd
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UltraVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ProgramFiles
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \UltraVNC\ultravnc.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: passwd2
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UltraVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ProgramFiles(x86)
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \UltraVNC\ultravnc.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: passwd
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: UltraVNC
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: ProgramFiles(x86)
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: \UltraVNC\ultravnc.ini
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: passwd2
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: JDownloader 2.0
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: JDownloader 2.0\cfg
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: org.jdownloader.settings.AccountSettings.accounts.ejs
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: JDownloader 2.0\cfg
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Paltalk
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack	String decryptor: Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\

Source: Turkiye_2023_order_hitado_pdf.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.237.62.212:443 -> 192.168.2.4:49722 version: TLS 1.2

Source: Turkiye_2023_order_hitado_pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp

Networking

May check the online IP address of the machine

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	DNS query: name: api.ipify.org
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	DNS query: name: api.ipify.org
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	DNS query: name: api.ipify.org
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	DNS query: name: api.ipify.org
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	DNS query: name: api.ipify.org
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	DNS query: name: api.ipify.org

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443

Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api4.ipify.org
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.281965039.00000000012A9000.00000004.00000020.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.476945103.0000000001301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipif8
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/Tl3
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/p
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/t
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003091000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://onedrive.live.com
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003091000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://onedrive.live.com/download?resid=969678C66048EAA5
Source: Turkiye_2023_order_hitado_pdf.exe	String found in binary or memory: https://onedrive.live.com/download?resid=969678C66048EAA5%21436&authkey=
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.00000000030DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xxwlow.ch.files.1drv.com
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.000000000310A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.00000000031BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xxwlow.ch.files.1drv.com/y4mKRLJYFhkRmC6yFruchUHrAIhD6s-aH6zkuaH3Sv8Zpq5ypVsf13DyU9JAJC4HwoV
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.00000000030DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xxwlow.ch.files.1drv.com/y4mvAOirN_XYO1M9mlsoLGdFWqy604I15NkVWv5JvK4NnaNmrNF4_bp3DlIuU1S0Tdu

Source: unknown

DNS traffic detected: queries for: onedrive.live.com

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 104.237.62.212:443 -> 192.168.2.4:49722 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Installs a global keyboard hook

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Jump to behavior

Contains functionality to log keystrokes (.Net Source)

Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, Cc3jA.cs

.Net Code: XyUaCyLHVGM

Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.281965039.00000000011EB000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

memstr_53d2f9ca-3

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

System Summary

Initial sample is a PE file and has a suspicious name

Source: initial sample	Static PE information: Filename: Turkiye_2023_order_hitado_pdf.exe
Source: initial sample	Static PE information: Filename: Turkiye_2023_order_hitado_pdf.exe

Source: Turkiye_2023_order_hitado_pdf.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_0171D520	0_2_0171D520
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_01712700	0_2_01712700
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_01713940	0_2_01713940
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_01715D08	0_2_01715D08
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_0171273A	0_2_0171273A
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_017126F0	0_2_017126F0
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_017139F1	0_2_017139F1
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_0171D847	0_2_0171D847
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_0171EB18	0_2_0171EB18
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_01713DD0	0_2_01713DD0
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_01716F7B	0_2_01716F7B
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_01712FC8	0_2_01712FC8
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_01712ED1	0_2_01712ED1
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_061E12B0	0_2_061E12B0
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_061E12A0	0_2_061E12A0
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_06A6D6F8	0_2_06A6D6F8
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_06A61390	0_2_06A61390
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_015E4220	4_2_015E4220
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_015E4E38	4_2_015E4E38
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_015EAEC0	4_2_015EAEC0
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_015E4568	4_2_015E4568
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C3D058	4_2_06C3D058
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C37D44	4_2_06C37D44
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C534F0	4_2_06C534F0
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C54400	4_2_06C54400
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C55D40	4_2_06C55D40
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C5B240	4_2_06C5B240
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C5B328	4_2_06C5B328
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C50040	4_2_06C50040

Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.00000000031C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNrwypbn.dll" vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000000.208404894.0000000000BD4000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameTurkiye 2023 order hitado pdf.exe" vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.281965039.00000000011EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000416C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamea4830e60-10e5-478a-a3de-06c8d15064f3.exe4 vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282461308.00000000066A0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNrwypbn.dll" vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003184000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamea4830e60-10e5-478a-a3de-06c8d15064f3.exe4 vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.476564080.00000000010F8000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.476429792.000000000043E000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamea4830e60-10e5-478a-a3de-06c8d15064f3.exe4 vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.476945103.000000000123B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Turkiye_2023_order_hitado_pdf.exe
Source: Turkiye_2023_order_hitado_pdf.exe	Binary or memory string: OriginalFilenameTurkiye 2023 order hitado pdf.exe" vs Turkiye_2023_order_hitado_pdf.exe

Source: Turkiye_2023_order_hitado_pdf.exe

ReversingLabs: Detection: 18%

Source: Turkiye_2023_order_hitado_pdf.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process created: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process created: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Turkiye_2023_order_hitado_pdf.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@6/1

Source: Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.0000000003233000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Turkiye_2023_order_hitado_pdf.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll	Jump to behavior

Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, uult.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, uult.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, uult.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, uult.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, ahU.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, ahU.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, fwzmQCK.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, fwzmQCK.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Turkiye_2023_order_hitado_pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Turkiye_2023_order_hitado_pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.421ab6d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.425aa40.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.6900000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.421ab6d.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.41fab4d.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.6900000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.425aa40.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.282051451.000000000314C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282500292.0000000006900000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282051451.000000000333B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282051451.0000000003350000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282051451.0000000003338000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282051451.0000000003291000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282195758.000000000416C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Turkiye_2023_order_hitado_pdf.exe PID: 6452, type: MEMORYSTR

.NET source code contains potential unpacker

Source: Turkiye_2023_order_hitado_pdf.exe, Program.cs	.Net Code: Program_OnHt System.Reflection.Assembly.Load(byte[])
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.69b0000.15.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.69b0000.15.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.69b0000.15.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.69b0000.15.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.69b0000.15.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.42c1080.12.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.42c1080.12.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.42c1080.12.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.42c1080.12.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.42c1080.12.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.43110a0.11.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.43110a0.11.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.43110a0.11.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.43110a0.11.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.43110a0.11.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.68b0000.13.raw.unpack, --.cs	.Net Code: _0003 System.Reflection.Assembly.Load(byte[])
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.68b0000.13.raw.unpack, --.cs	.Net Code: _0003 System.AppDomain.Load(byte[])
Source: 0.2.Turkiye_2023_order_hitado_pdf.exe.68b0000.13.raw.unpack, --.cs	.Net Code: _0003 System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_0171CC90 push es; ret	0_2_0171CD40
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 0_2_06A6B716 push esp; iretd	0_2_06A6B719
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C39639 push es; ret	4_2_06C39644
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C335CF push es; ret	4_2_06C335D0
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C3D048 push esp; iretd	4_2_06C3D049
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C3C198 pushfd ; ret	4_2_06C3C1B1
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C36868 push 690006C3h; ret	4_2_06C3695E
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Code function: 4_2_06C5C868 pushfd ; iretd	4_2_06C5C869

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.000000000314C000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.000000000333B000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003350000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6508	Thread sleep count: 1487 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -99862s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6508	Thread sleep count: 8219 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -99734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -99625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -99515s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -99406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -99297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -99187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -99078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -98966s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -98845s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -98719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -98594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -98484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -98375s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -98265s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -98156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -98047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -97937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -97827s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -97719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -97594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -97467s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -97359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -97250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -97141s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -97031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -598328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -598196s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -598093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597872s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597546s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -597000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -596890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -596781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -596671s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -596562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -596453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -596343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -596234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -596125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6488	Thread sleep time: -596015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -24903104499507879s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1200000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 496	Thread sleep count: 3690 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1199873s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1199765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 496	Thread sleep count: 6149 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1199656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1199546s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1199437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1199323s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1199218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1199108s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198999s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198671s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198452s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198124s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1198015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1197906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1197796s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1197687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1197578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1197468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1197359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1197250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1197140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1197031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1196918s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1196800s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1196656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1196530s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1196398s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1196293s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1196191s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1196042s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1195936s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1195824s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1195715s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1195608s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1195501s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1195308s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1195188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1195061s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1194949s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1194829s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1194690s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1194549s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1194410s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1194270s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1194130s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe TID: 6620	Thread sleep time: -1194009s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 598196	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 598093	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597872	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597218	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597109	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596890	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596781	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596671	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596562	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596453	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596343	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596234	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596125	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596015	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199873	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199765	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199656	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199546	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199437	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199323	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199218	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199108	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198999	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198890	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198781	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198671	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198562	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198452	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198343	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198234	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198124	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198015	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197906	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197796	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197687	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197578	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197468	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197359	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197250	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197140	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197031	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196918	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196800	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196656	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196530	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196398	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196293	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196191	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196042	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195936	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195824	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195715	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195608	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195501	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195308	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195188	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195061	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194949	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194829	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194690	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194549	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194410	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194270	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194130	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194009	Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Window / User API: threadDelayed 1487	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Window / User API: threadDelayed 8219	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Window / User API: threadDelayed 3690	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Window / User API: threadDelayed 6149	Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 99862	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 99734	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 99625	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 99515	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 99406	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 99297	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 99187	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 99078	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 98966	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 98845	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 98719	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 98594	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 98484	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 98375	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 98265	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 98156	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 98047	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 97937	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 97827	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 97719	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 97594	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 97467	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 97359	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 97250	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 97141	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 97031	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 598196	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 598093	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597872	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597218	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597109	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596890	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596781	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596671	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596562	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596453	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596343	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596234	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596125	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 596015	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199873	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199765	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199656	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199546	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199437	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199323	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199218	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1199108	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198999	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198890	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198781	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198671	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198562	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198452	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198343	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198234	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198124	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1198015	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197906	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197796	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197687	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197578	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197468	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197359	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197250	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197140	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1197031	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196918	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196800	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196656	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196530	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196398	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196293	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196191	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1196042	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195936	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195824	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195715	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195608	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195501	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195308	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195188	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1195061	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194949	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194829	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194690	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194549	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194410	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194270	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194130	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Thread delayed: delay time: 1194009	Jump to behavior

Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: exet32Tt\|VMWare\|VirtualuterSystemd""sion\Run\
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: exet32Tt\|VMWare\|VirtualuterSystemd""sion\Run\`,
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003350000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen"select * from Win32_ComputerSystem
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003350000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.281965039.000000000121F000.00000004.00000020.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.476945103.00000000012EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Memory written: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Process created: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Queries volume information: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Queries volume information: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Code function: 4_2_015E677C GetUserNameW,

4_2_015E677C

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Turkiye_2023_order_hitado_pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.476429792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282195758.000000000416C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Turkiye_2023_order_hitado_pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Turkiye_2023_order_hitado_pdf.exe.4184a30.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.476429792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.282195758.000000000416C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	121 Windows Management Instrumentation	Path Interception	111 Process Injection	1 Disable or Modify Tools	1 OS Credential Dumping	1 Account Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	211 Input Capture	24 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	211 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Software Packing	NTDS	1 Process Discovery	Distributed Component Object Model	211 Input Capture	Scheduled Transfer	13 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	131 Virtualization/Sandbox Evasion	SSH	1 Clipboard Data	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	131 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	111 Process Injection	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 Remote System Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	1 System Network Configuration Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Turkiye_2023_order_hitado_pdf.exe	18%	ReversingLabs	Win32.Trojan.Generic
Turkiye_2023_order_hitado_pdf.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
https://api.ipif8	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
api4.ipify.org	104.237.62.212	true	false	high
xxwlow.ch.files.1drv.com	unknown	unknown	false	high
onedrive.live.com	unknown	unknown	false	high
api.ipify.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://xxwlow.ch.files.1drv.com/y4mKRLJYFhkRmC6yFruchUHrAIhD6s-aH6zkuaH3Sv8Zpq5ypVsf13DyU9JAJC4HwoV	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.000000000310A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.00000000031BA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://xxwlow.ch.files.1drv.com	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.00000000030DE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.ipify.org	Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-neti	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://onedrive.live.com/download?resid=969678C66048EAA5	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003091000.00000004.00000800.00020000.00000000.sdmp	false		high
https://onedrive.live.com/download?resid=969678C66048EAA5%21436&authkey=	Turkiye_2023_order_hitado_pdf.exe	false		high
https://stackoverflow.com/q/14436606/23354	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://onedrive.live.com	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003091000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://api.ipify.org/Tl3	Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.ipif8	Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-net	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282195758.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282521426.00000000069B0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://api.ipify.org/p	Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://api4.ipify.org	Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031FA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://xxwlow.ch.files.1drv.com/y4mvAOirN_XYO1M9mlsoLGdFWqy604I15NkVWv5JvK4NnaNmrNF4_bp3DlIuU1S0Tdu	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.00000000030DE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.ipify.org/t	Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Turkiye_2023_order_hitado_pdf.exe, 00000000.00000002.282051451.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031DC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://api.ipify.org	Turkiye_2023_order_hitado_pdf.exe, 00000004.00000002.477435182.00000000031FA000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.237.62.212	api4.ipify.org	United States		18450	WEBNXUS	false

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1313695
Start date and time:	2023-09-25 08:51:08 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	Turkiye_2023_order_hitado_pdf.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@6/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 99% Number of executed functions: 216 Number of non-executed functions: 5
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 13.107.42.13, 13.107.42.12
Excluded domains from analysis (whitelisted): www.bing.com, geover.prod.do.dsp.mp.microsoft.com, odc-web-brs.onedrive.akadns.net, client.wns.windows.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, odc-web-geo.onedrive.akadns.net, tse1.mm.bing.net, g.bing.com, odc-ch-files-brs.onedrive.akadns.net, arc.msn.com, kv801.prod.do.dsp.mp.microsoft.com, ris.api.iris.microsoft.com, l-0004.l-msedge.net, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, l-0003.l-msedge.net, displaycatalog.mp.microsoft.com, odc-ch-files-geo.onedrive.akadns.net, ch-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:52:01	API Interceptor	80033x Sleep call for process: Turkiye_2023_order_hitado_pdf.exe modified

Process:	C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1153
Entropy (8bit):	5.3580254704476
Encrypted:	false
SSDEEP:	24:ML9E4KI2KDE4KhKYIqDcfJKhwE4AYKIE4oKzeEKoZAE4KzQK3E4Ks:MxHKI2YHKhBUowHftHoBEhAHKz93HKs
MD5:	0990C4A3BBE03BEA4FD6CB4AE4279B83
SHA1:	C9C9750E67C7C5EBA25B3BB67F5BDDB7118BE781
SHA-256:	5FEEEA80060A6BA7759765083921D6331114A1D093283B2C785647B076077FAF
SHA-512:	BCCC3AAA107DA4E7CC6EB2631F28958100A19FC97D1AD10DE210927208ADF5048FB2E3BF5C5950DF3AB3A4AFE700E658DB33C9050B436BC7AC15243879F272C5
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2bef38851483abae82f1172c1aaa604c\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d04ce1d8a3042f50b54c7f9ccdb4068\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\1aff708a68d7a055e25b20efa5a36148\System.Net.Http.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8c730c7fbe608461407cf3be279cdeab\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.X

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.730222709996061
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Turkiye_2023_order_hitado_pdf.exe
File size:	6'656 bytes
MD5:	4649f9a0a86c4cd85493e581676597ed
SHA1:	03b06aa5a25bb6db5b18d5a31f0f2d26d4909f06
SHA256:	751dbee7818c202e60ffa8d060cc3c7c05e4ccda824569381c01a948364a8a96
SHA512:	8c17e2bcf21da0728209fc1d37f029841cd4da62f4ab9cb5304adc24333e3ab66d04ea55b72f1a99d977d532a1f3e90f3cf3ca7ca37c7dafcb6178f4638ac6e5
SSDEEP:	96:p7zyYkgSn3yKbGCjtCzJmk6/C42DficUuW0tT64zLywge1WzNt:UhvnraitCgkGC4DZC201i
TLSH:	7ED1C40167E89736E5734336ACB393911778FB81D997EB6F28C4210BAC577200A72BB1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q$.e............................./... ...@....@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x402fea
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x65102471 [Sun Sep 24 11:58:41 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402FF8h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
int3
das
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2f9c	0x4c	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x5b6	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2ff8	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1000	0x1000	False	0.5625	data	5.394225558549817	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x5b6	0x600	False	0.4140625	data	4.064852583294461	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x6000	0xc	0x200	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x4090	0x32c	data			0.41625615763546797
RT_MANIFEST	0x43cc	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2023 08:52:37.175168037 CEST	49722	443	192.168.2.4	104.237.62.212
Sep 25, 2023 08:52:37.175215006 CEST	443	49722	104.237.62.212	192.168.2.4
Sep 25, 2023 08:52:37.175380945 CEST	49722	443	192.168.2.4	104.237.62.212
Sep 25, 2023 08:52:37.182106972 CEST	49722	443	192.168.2.4	104.237.62.212
Sep 25, 2023 08:52:37.182118893 CEST	443	49722	104.237.62.212	192.168.2.4
Sep 25, 2023 08:52:37.756856918 CEST	443	49722	104.237.62.212	192.168.2.4
Sep 25, 2023 08:52:37.756961107 CEST	49722	443	192.168.2.4	104.237.62.212
Sep 25, 2023 08:52:37.759181023 CEST	49722	443	192.168.2.4	104.237.62.212
Sep 25, 2023 08:52:37.759196043 CEST	443	49722	104.237.62.212	192.168.2.4
Sep 25, 2023 08:52:37.759444952 CEST	443	49722	104.237.62.212	192.168.2.4
Sep 25, 2023 08:52:37.802803993 CEST	49722	443	192.168.2.4	104.237.62.212
Sep 25, 2023 08:52:37.887727022 CEST	49722	443	192.168.2.4	104.237.62.212
Sep 25, 2023 08:52:37.928518057 CEST	443	49722	104.237.62.212	192.168.2.4
Sep 25, 2023 08:52:38.126683950 CEST	443	49722	104.237.62.212	192.168.2.4
Sep 25, 2023 08:52:38.126805067 CEST	443	49722	104.237.62.212	192.168.2.4
Sep 25, 2023 08:52:38.126895905 CEST	49722	443	192.168.2.4	104.237.62.212
Sep 25, 2023 08:52:38.128146887 CEST	49722	443	192.168.2.4	104.237.62.212

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2023 08:52:02.583503008 CEST	60838	53	192.168.2.4	8.8.8.8
Sep 25, 2023 08:52:02.726182938 CEST	53819	53	192.168.2.4	8.8.8.8
Sep 25, 2023 08:52:03.845072985 CEST	60316	53	192.168.2.4	8.8.8.8
Sep 25, 2023 08:52:04.163975954 CEST	51816	53	192.168.2.4	8.8.8.8
Sep 25, 2023 08:52:36.881234884 CEST	49817	53	192.168.2.4	8.8.8.8
Sep 25, 2023 08:52:37.019140005 CEST	53	49817	8.8.8.8	192.168.2.4
Sep 25, 2023 08:52:37.027489901 CEST	62550	53	192.168.2.4	8.8.8.8
Sep 25, 2023 08:52:37.164541960 CEST	53	62550	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 25, 2023 08:52:02.583503008 CEST	192.168.2.4	8.8.8.8	0x32e9	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:02.726182938 CEST	192.168.2.4	8.8.8.8	0x11a	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:03.845072985 CEST	192.168.2.4	8.8.8.8	0xb9bb	Standard query (0)	xxwlow.ch.files.1drv.com	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:04.163975954 CEST	192.168.2.4	8.8.8.8	0x3e4	Standard query (0)	xxwlow.ch.files.1drv.com	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:36.881234884 CEST	192.168.2.4	8.8.8.8	0x6ddf	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:37.027489901 CEST	192.168.2.4	8.8.8.8	0xb596	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 25, 2023 08:52:02.708905935 CEST	8.8.8.8	192.168.2.4	0x32e9	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:02.708905935 CEST	8.8.8.8	192.168.2.4	0x32e9	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:02.919682026 CEST	8.8.8.8	192.168.2.4	0x11a	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:02.919682026 CEST	8.8.8.8	192.168.2.4	0x11a	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:04.146502018 CEST	8.8.8.8	192.168.2.4	0xb9bb	No error (0)	xxwlow.ch.files.1drv.com	ch-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:04.146502018 CEST	8.8.8.8	192.168.2.4	0xb9bb	No error (0)	ch-files.fe.1drv.com	odc-ch-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:04.444987059 CEST	8.8.8.8	192.168.2.4	0x3e4	No error (0)	xxwlow.ch.files.1drv.com	ch-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:04.444987059 CEST	8.8.8.8	192.168.2.4	0x3e4	No error (0)	ch-files.fe.1drv.com	odc-ch-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:37.019140005 CEST	8.8.8.8	192.168.2.4	0x6ddf	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:37.019140005 CEST	8.8.8.8	192.168.2.4	0x6ddf	No error (0)	api4.ipify.org		104.237.62.212	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:37.019140005 CEST	8.8.8.8	192.168.2.4	0x6ddf	No error (0)	api4.ipify.org		173.231.16.77	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:37.019140005 CEST	8.8.8.8	192.168.2.4	0x6ddf	No error (0)	api4.ipify.org		64.185.227.156	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:37.164541960 CEST	8.8.8.8	192.168.2.4	0xb596	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Sep 25, 2023 08:52:37.164541960 CEST	8.8.8.8	192.168.2.4	0xb596	No error (0)	api4.ipify.org		173.231.16.77	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:37.164541960 CEST	8.8.8.8	192.168.2.4	0xb596	No error (0)	api4.ipify.org		64.185.227.156	A (IP address)	IN (0x0001)	false
Sep 25, 2023 08:52:37.164541960 CEST	8.8.8.8	192.168.2.4	0xb596	No error (0)	api4.ipify.org		104.237.62.212	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.ipify.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49722	104.237.62.212	443	C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe

Timestamp	Direction	Data
2023-09-25 06:52:37 UTC	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
2023-09-25 06:52:38 UTC	IN	HTTP/1.1 200 OK Server: nginx/1.25.2 Date: Mon, 25 Sep 2023 06:52:38 GMT Content-Type: text/plain Content-Length: 15 Connection: close Vary: Origin
2023-09-25 06:52:38 UTC	IN	Data Raw: 31 30 32 2e 31 32 39 2e 31 35 33 2e 32 32 35 Data Ascii: 102.129.153.225

Target ID:	0
Start time:	08:52:01
Start date:	25/09/2023
Path:	C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe
Imagebase:	0xbd0000
File size:	6'656 bytes
MD5 hash:	4649F9A0A86C4CD85493E581676597ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.282051451.000000000314C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.282500292.0000000006900000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.282195758.000000000425A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.282051451.000000000333B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.282051451.0000000003350000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.282051451.0000000003338000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.282051451.0000000003291000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.282051451.0000000003358000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.282195758.000000000416C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.282195758.000000000416C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:52:35
Start date:	25/09/2023
Path:	C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Turkiye_2023_order_hitado_pdf.exe
Imagebase:	0xcd0000
File size:	6'656 bytes
MD5 hash:	4649F9A0A86C4CD85493E581676597ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000004.00000002.476429792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	23.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	37.7%
Total number of Nodes:	61
Total number of Limit Nodes:	3

Executed Functions

Function 0171D520 Relevance: 2.4, Strings: 1, Instructions: 1176COMMON

Download Yara Rule

Strings

4, xrefs: 0171DEF5

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 7d0ba3472ad35feb09198dbd81805856a0109e9a5c3ca6dbb33236ab566e576d
Instruction ID: cb321869652d7d5bf40098128ffbbf15817fd19ad0a281c54ae0bedea1fd68f6
Opcode Fuzzy Hash: 7d0ba3472ad35feb09198dbd81805856a0109e9a5c3ca6dbb33236ab566e576d
Instruction Fuzzy Hash: 6CB2F934A00219DFDB25CF98C994BADB7B6FF48700F1481A9E505AB3A9DB709D85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0171D847 Relevance: 1.7, Strings: 1, Instructions: 495COMMON

Download Yara Rule

Strings

4, xrefs: 0171DEF5

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: c8ba129cb0bac2e6df1e4b48699a66df18ffacc3f57ead0779ed0ae5004fdd57
Instruction ID: 55d9f7547aa23c3cb823bb1f4520937f9ab64343349abf445e5f441d97b209e7
Opcode Fuzzy Hash: c8ba129cb0bac2e6df1e4b48699a66df18ffacc3f57ead0779ed0ae5004fdd57
Instruction Fuzzy Hash: 0A221834A00219DFDB25DFA8C994BADB7B2FF48304F1480A9D909AB395DB70AD81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01715D08 Relevance: .9, Instructions: 865COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6925e5e7d63165b0f2721e4358cac8feaf9654e3f5187bc4f71a6700632ae8ee
Instruction ID: 8f13719330612251ce0544dbd709535d237e5b0394e58b9e744ee13535412cfd
Opcode Fuzzy Hash: 6925e5e7d63165b0f2721e4358cac8feaf9654e3f5187bc4f71a6700632ae8ee
Instruction Fuzzy Hash: E1827D72900205CFD719CF0ED688A59BBB2FB41304F55D0A9E0299F26AD7BAED84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 06A6D6F8 Relevance: .6, Instructions: 645COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f29bcc54c9cf23dc27d9a6e25a971b7c9d0d8b2adec88ef562ee79f5ee7c6d14
Instruction ID: a9c40f26fbe7946d2ff35ba5854d0f026bd7f1451e42a44585c7ceafd5bdbda0
Opcode Fuzzy Hash: f29bcc54c9cf23dc27d9a6e25a971b7c9d0d8b2adec88ef562ee79f5ee7c6d14
Instruction Fuzzy Hash: 2E328F74B012168FCB58EB6AC49467EFBF2BF89300F248529E55AD7341DB34AC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06A61390 Relevance: .6, Instructions: 557COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55a428c4161c27787e1d7ab361f321896e11fc7eaa46af43a831d3013e9dca03
Instruction ID: 164c3194c87ee211cfa91fd73ba217f935123a7fa6c537b0065e2e26a96299c4
Opcode Fuzzy Hash: 55a428c4161c27787e1d7ab361f321896e11fc7eaa46af43a831d3013e9dca03
Instruction Fuzzy Hash: 09223634B002058FCB54EF6AC984A6ABBF2FF89715B1584A9E506DF361DB31EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 061E12A0 Relevance: .5, Instructions: 528COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c5c856922f165463f108e38e6302ae3827735b1185430438bfb494b8783b878
Instruction ID: a012db4a3be848117a58147321fd627006c83cae26113488733e485a80af755d
Opcode Fuzzy Hash: 1c5c856922f165463f108e38e6302ae3827735b1185430438bfb494b8783b878
Instruction Fuzzy Hash: 09127031B00515AFD758DBA9C850A6EB7A3FF88704F288168E906AB394DF75DD02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 061E12B0 Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1feb4319bf7ae6821f6d05d3d21beab48b3fb0445db628917fcf1323c03c19b3
Instruction ID: 79c9d29ae7702ad82f084c5e1f6540f9815ef9ee9706cae02d6ab8959a833bbd
Opcode Fuzzy Hash: 1feb4319bf7ae6821f6d05d3d21beab48b3fb0445db628917fcf1323c03c19b3
Instruction Fuzzy Hash: 29127131B00515AFD758DBA9C850B6EB7A3FF88704F288168E906AB394DF75DD02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01712700 Relevance: .5, Instructions: 477COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 083f5f3e3bf3bdf80549c017dbf1ea100e81a5e51502fa2361b0fe99b65b8da3
Instruction ID: 51261a45eb105931c6266786dee4c8476d1af8c8596817f43905f69469e07bf7
Opcode Fuzzy Hash: 083f5f3e3bf3bdf80549c017dbf1ea100e81a5e51502fa2361b0fe99b65b8da3
Instruction Fuzzy Hash: 58127D35A10219DFDB18CF6DD884AADB7F2FF88300F258669D419AB359DB34A941CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01716F7B Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1a52def373e80d1c9151f57d11b2a799fd8c210190d2991afeadd1e479a3c63
Instruction ID: 2ee90786b5b7cc6b6d98e0a5ac4c352450fe284474ae2d3630ee0f7783bebf24
Opcode Fuzzy Hash: b1a52def373e80d1c9151f57d11b2a799fd8c210190d2991afeadd1e479a3c63
Instruction Fuzzy Hash: DBD1E431908646CFDB19CF6CC8806BEF7B6FB86340F5584AAD412D725EE730E9468B91

Uniqueness

Uniqueness Score: -1.00%

Function 017126F0 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc8fecbb55bad1a608a92cef74b1b2cebc6e33762a432408295a6f552508f40c
Instruction ID: 773696daafca6e1abc8f5a31d82f3aa2f7b3cedb1cd115cd19b49348e9f12f39
Opcode Fuzzy Hash: fc8fecbb55bad1a608a92cef74b1b2cebc6e33762a432408295a6f552508f40c
Instruction Fuzzy Hash: F4B19035A112299FDB58DFB9DC506AEB7F3BFC8300F158669D016AB384DB34A941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0171273A Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcabafcadc5f9aaa6e387aaa0faeb13cffdb0fd128a583c1e7fd52917a8645aa
Instruction ID: 0cf568bed7efee23518330c4835e2b41b9113eea32f6cc093209c0c4ebc41e82
Opcode Fuzzy Hash: bcabafcadc5f9aaa6e387aaa0faeb13cffdb0fd128a583c1e7fd52917a8645aa
Instruction Fuzzy Hash: 67A18035A10129DFDB58DFBDD840AAEB7B3FFC8304F158669D419AB244DB34A941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01713940 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70fdd274cca96b66d1058c628f35f0cda338df27a8e60c5b24412a4e0406fd95
Instruction ID: 8f2d7a964f0f12a70c0d8b2342cdac14c983146be8285d0ce6b460887504baf8
Opcode Fuzzy Hash: 70fdd274cca96b66d1058c628f35f0cda338df27a8e60c5b24412a4e0406fd95
Instruction Fuzzy Hash: CE814C32F205199FD754DB6DD880B5EB7A3BFC8720F1A8164E419AB369DE74EC018B90

Uniqueness

Uniqueness Score: -1.00%

Function 061E0B22 Relevance: 3.1, APIs: 2, Instructions: 91
memorythreadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadContext.KERNEL32(?,00000000), ref: 061E0ACE
VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 061E0B96

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: AllocContextThreadVirtual
String ID:
API String ID: 1022704782-0
Opcode ID: 662b2c63fac07d1b8f2f3a5b6ff9b83b5fd260fd61b9fcbd0b9ae19b24dfad0a
Instruction ID: 2c1a3d2f65ea98f37c6c6f82e7f3649ba0062a6da9d645ef08182f9c81171a09
Opcode Fuzzy Hash: 662b2c63fac07d1b8f2f3a5b6ff9b83b5fd260fd61b9fcbd0b9ae19b24dfad0a
Instruction Fuzzy Hash: 77313A72C006098FDB10DFAAC844BEEBBF5EF98324F248829D455B7250C7799995CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 017123A8 Relevance: 2.6, Strings: 2, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

z, xrefs: 01712391
p, xrefs: 0171237C

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID: p$z
API String ID: 0-1007722680
Opcode ID: 7bf8b43e006a0ca0e3c6f7e7bc03ecd12915fe246a21ddc77985e2f9e09401ce
Instruction ID: f17e2e9bb7dc7decb3bce53864c96b1fcb6ce4ca55eb005c418fd0442d9003d3
Opcode Fuzzy Hash: 7bf8b43e006a0ca0e3c6f7e7bc03ecd12915fe246a21ddc77985e2f9e09401ce
Instruction Fuzzy Hash: EB41CF71A1024ADFCB09EFB9D4508ADBBB2FF48304B604469C025AB295DB79AD46CF91

Uniqueness

Uniqueness Score: -1.00%

Function 061E0D86 Relevance: 1.7, APIs: 1, Instructions: 249
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 061E0FC6

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 2a20d0bd68fe51a99f1a5d53e80e52c18a2aa9175935b614704c08ba1d6baec8
Instruction ID: b5eca01695d7bc9267d4942441e3d1e38bc3aef44649e6cddff252bd79c3a233
Opcode Fuzzy Hash: 2a20d0bd68fe51a99f1a5d53e80e52c18a2aa9175935b614704c08ba1d6baec8
Instruction Fuzzy Hash: 9FA18B71D00A59DFDB64CFA9C841BEDBBB2BF48310F1485A9E808A7240DB74D995CF91

Uniqueness

Uniqueness Score: -1.00%

Function 061E0D90 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 061E0FC6

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: cb1f5e6dc9d2b53152bd7ceae7cccef1a164f48e58a4f42e1e5cac7ce4175deb
Instruction ID: e0930d3c8db6e86d8b5b815ff756bb2acf7aed2fc8a0cf993b944081fee8a950
Opcode Fuzzy Hash: cb1f5e6dc9d2b53152bd7ceae7cccef1a164f48e58a4f42e1e5cac7ce4175deb
Instruction Fuzzy Hash: 46918B71D00A59DFDB64CFA9C841BEDBBB2BF48310F1485A9E808A7240DB749995CF91

Uniqueness

Uniqueness Score: -1.00%

Function 06A62F10 Relevance: 1.6, Strings: 1, Instructions: 344
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 06A63171

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 082ccad45fba7920e6abb102864b88c221ef7ef40f1ca2a554aeb2893a0ebfdc
Instruction ID: 64bbd7dc6801b3cdf4c73440b46e6fa8dbda462316e76e9430be50e8230769a3
Opcode Fuzzy Hash: 082ccad45fba7920e6abb102864b88c221ef7ef40f1ca2a554aeb2893a0ebfdc
Instruction Fuzzy Hash: FAD15C30700606CFCB64EF2AC48096ABBF2FF89310B15C969E55A8B355DB30F846CB95

Uniqueness

Uniqueness Score: -1.00%

Function 061E0A48 Relevance: 1.6, APIs: 1, Instructions: 84
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadContext.KERNEL32(?,00000000), ref: 061E0ACE

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 94a9fe2975f1e04a4db12fe8e372f7c354645e7e94877edcbab56bb5e9d582ec
Instruction ID: 5e66daf063409f85c92f0158aeed6720220f4e6a9bdc8309463594b31bc5d077
Opcode Fuzzy Hash: 94a9fe2975f1e04a4db12fe8e372f7c354645e7e94877edcbab56bb5e9d582ec
Instruction Fuzzy Hash: F331CC72C007098FCB10CFAAC8817EEBBF4EF99354F10842ED455A7281C7789985CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 061E11C8 Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 061E1250

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: d0d0de5a66865553cf4a56e392fcef6579ddb95dc0cb3792dd0979faac67de9e
Instruction ID: 945c82421e455ecddbc2ff4dc02003d67cbbac67075ffd16b993cf39580bd9e0
Opcode Fuzzy Hash: d0d0de5a66865553cf4a56e392fcef6579ddb95dc0cb3792dd0979faac67de9e
Instruction Fuzzy Hash: C2214B71D0064D9FCB10DFAAC880BEEBBF4FF58354F208829E559A3241D7789944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 061E0BE0 Relevance: 1.6, APIs: 1, Instructions: 71
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 061E0C78

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 304ad7399545dc4cc3c696e6025def275f78086bb930f695de38c3c7d8e3070a
Instruction ID: 18955332b1572b6eb7a97d3d5e0c436f2a8532fcef7a229d75161d1c6408a846
Opcode Fuzzy Hash: 304ad7399545dc4cc3c696e6025def275f78086bb930f695de38c3c7d8e3070a
Instruction Fuzzy Hash: 152146729006499FCB50CFAAC984BEEBBF5FF48314F10842AE419A7240C7789954CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 061E0BE8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 061E0C78

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 1f63adbe7457c1e9cd1ce643d484b5a74667b5b21538a0935cb3a8be45a4053a
Instruction ID: 743db3ef2b0f5e9d60eb1862e5cdcd90414ca1c7f1a36ca96173b7c8c6389aea
Opcode Fuzzy Hash: 1f63adbe7457c1e9cd1ce643d484b5a74667b5b21538a0935cb3a8be45a4053a
Instruction Fuzzy Hash: 5A2127719007499FCB10CFAAC984BEEBBF5FF48324F108429E918A7350D7789954CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 061E0A50 Relevance: 1.6, APIs: 1, Instructions: 63
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadContext.KERNEL32(?,00000000), ref: 061E0ACE

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: e036187d2d1a0f76f1471f0f6abb652510e3b1817323775ddc990fa6cbf8fe09
Instruction ID: 740c42f8da217d9e214d6487bfe2d971ed95cc2ab3be2046cd93e85ab69dff3e
Opcode Fuzzy Hash: e036187d2d1a0f76f1471f0f6abb652510e3b1817323775ddc990fa6cbf8fe09
Instruction Fuzzy Hash: 14213871D006098FCB50CFAAC4847AEBBF4EF88364F14842AD459B7340C7789984CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 061E11D0 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 061E1250

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 530b526e7426c3b1161fe6224841523de9aaedaf351a3e6f7daca6ba3176307c
Instruction ID: 1f90404eaca6882ad4e9cf558a8752fbbde44b5b182bbc7f7ce1bd0fe2d347e7
Opcode Fuzzy Hash: 530b526e7426c3b1161fe6224841523de9aaedaf351a3e6f7daca6ba3176307c
Instruction Fuzzy Hash: 0F213971C006499FCB10CFAAC884BEEFBF5FF48320F108429E519A7250C7789944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 061E0B28 Relevance: 1.6, APIs: 1, Instructions: 53
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 061E0B96

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 035b850e19489245fbf83918d6a58858b9b193473c899dd36be687904c319424
Instruction ID: 14adc4cde40b13b0a9bfe6a7f8aae2134d1ddc97fdc5f94becd849cad3d592b0
Opcode Fuzzy Hash: 035b850e19489245fbf83918d6a58858b9b193473c899dd36be687904c319424
Instruction Fuzzy Hash: 911126728006499FCB10DFAAC844BEEBFF5EF88324F248819D515B7250C779A954CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 061E099A Relevance: 1.6, APIs: 1, Instructions: 50
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNEL32 ref: 061E0A02

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: b98e17a2a923612966af526ba87e422aaf0f4675cf32552e1717238b52eb502d
Instruction ID: 96a1f55027b969bc592947472037638f986a8fc8d3f155dc2fe86f4566ebb641
Opcode Fuzzy Hash: b98e17a2a923612966af526ba87e422aaf0f4675cf32552e1717238b52eb502d
Instruction Fuzzy Hash: C91146B1D006498ECB60CFAAC4447EEFBF5EF88324F24881AC019B7210C7789944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 061E09A0 Relevance: 1.5, APIs: 1, Instructions: 49
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNEL32 ref: 061E0A02

Memory Dump Source

Source File: 00000000.00000002.282432395.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: eccc017b8f93921445821b550defd5a0ab304a11bc5ccf99f7ad8b4ef559fed6
Instruction ID: f57822054ea4a6d1aaf5f55e16939e2c4403336d80f895c69c7a34459de8badd
Opcode Fuzzy Hash: eccc017b8f93921445821b550defd5a0ab304a11bc5ccf99f7ad8b4ef559fed6
Instruction Fuzzy Hash: EB1136B1D006488FCB10DFAAC8447AEFBF8EF88324F248819C419B7350C779A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 06A684E0 Relevance: 1.4, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 06A683DE

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: c87fc75c311efdcdb7edfc0406a0ff9981c5896edefca93cb0509800f0456c14
Instruction ID: d2f54064ce1651a76611b1dba2ff290146fe6de0d4c079a9ec9413c69b8d339f
Opcode Fuzzy Hash: c87fc75c311efdcdb7edfc0406a0ff9981c5896edefca93cb0509800f0456c14
Instruction Fuzzy Hash: C9311436A101049FCB45DF59D988EA9BBB6FF48324B0680A8F50A9F372C735EC51CB80

Uniqueness

Uniqueness Score: -1.00%

Function 01713CA1 Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

I, xrefs: 01713CA8

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 6a325135dce1749bd7770b25aeb11501a004eb9fbcd30574b48e7c7070f31614
Instruction ID: 0f7f02a921714c6816d1a69e15f16dab4d7585349af829e461770c0e42c8628e
Opcode Fuzzy Hash: 6a325135dce1749bd7770b25aeb11501a004eb9fbcd30574b48e7c7070f31614
Instruction Fuzzy Hash: 2401B1303046408FD715DF3EC85092A7BF9AF89A64B1580EAE946CB3B2DA24DC018751

Uniqueness

Uniqueness Score: -1.00%

Function 06A66400 Relevance: .7, Instructions: 677COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e14b569fb2bdec28e82cfd89912776215cae576cc4e1af155bb228bd6cf259
Instruction ID: b3ea8335f99b53ab1d75da25ff7a487468d5fceb8e3f2c77313616f8507206a7
Opcode Fuzzy Hash: 74e14b569fb2bdec28e82cfd89912776215cae576cc4e1af155bb228bd6cf259
Instruction Fuzzy Hash: 87520C75A002298FDB64DF69C950BEDBBF2BF88700F1580D9E509AB351DA319E81CF61

Uniqueness

Uniqueness Score: -1.00%

Function 06A6E0E8 Relevance: .6, Instructions: 622COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b5dfbfd2c1d899e8716851b4af87dd7f9ea75b8a7ae3847a1d361e9bb626ee2
Instruction ID: 695b98eba5acd6f13eeb3f01f963b8ab18ce86ff4d26605611ad79076eb29a45
Opcode Fuzzy Hash: 3b5dfbfd2c1d899e8716851b4af87dd7f9ea75b8a7ae3847a1d361e9bb626ee2
Instruction Fuzzy Hash: 4822E335B046118FCB64EB6AD44066EBBF7FFC5314B18896EE15ACB741DA31EC028B90

Uniqueness

Uniqueness Score: -1.00%

Function 06A60C20 Relevance: .5, Instructions: 531COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9148872cca59813e195f6ae9f1636d87488b918e459e3f8c48d2085aad3760af
Instruction ID: 68bcec5b00205439332ed0e2d22783f4183118156d00857705363088e6037731
Opcode Fuzzy Hash: 9148872cca59813e195f6ae9f1636d87488b918e459e3f8c48d2085aad3760af
Instruction Fuzzy Hash: E1229E35A002159FDB54EFA9C490A6DBBB2FF89704F148069E905EF3A1CB75ED81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A60040 Relevance: .5, Instructions: 516COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce359d135977cb265f346425d98b884b8425663860739790e78bb6fdb4b4265f
Instruction ID: 785b0bd9cdd26c0c7e9bfb62419281cd81cc50fda449de29c5d28e45ee330b9d
Opcode Fuzzy Hash: ce359d135977cb265f346425d98b884b8425663860739790e78bb6fdb4b4265f
Instruction Fuzzy Hash: 72228130E002199FCB15EFA9D954AADBBB2FF48300F148459E951AB394DB78DD86CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06A63860 Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b57b57a02167cc8a2346cd20ee3a4a654a21f0ca2f2d9fa69d8a6d185e2ae2e6
Instruction ID: c7114071767b0785f438c955ed5b07b9629d6def825a01266424376ff68b812c
Opcode Fuzzy Hash: b57b57a02167cc8a2346cd20ee3a4a654a21f0ca2f2d9fa69d8a6d185e2ae2e6
Instruction Fuzzy Hash: 3B126C31A00605CFCB65EFAAD484A6EBBF2FF88304B14852DE5169B355DB35EC46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A692E8 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb0ee25d74a2fdb6f01080427c3a5788789351b3a53654e72826afd180f69d61
Instruction ID: cebf795d3cb2aeb11c366d409c801579ab97e5484b37272aa4b0c2e4303e7379
Opcode Fuzzy Hash: cb0ee25d74a2fdb6f01080427c3a5788789351b3a53654e72826afd180f69d61
Instruction Fuzzy Hash: 91123B34A00219CFCB54EF69C994AADB7B2BF89300F5185A8E50AAB355DF30ED85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A67298 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d69365ca8f8b5b9d4eb2bbc4a9100601384d408ed2e2f3bc4bb2be4e22f180f
Instruction ID: b9709410004d926513221e8da08453fce978d85a79944534da3f1f53ecca441b
Opcode Fuzzy Hash: 1d69365ca8f8b5b9d4eb2bbc4a9100601384d408ed2e2f3bc4bb2be4e22f180f
Instruction Fuzzy Hash: BEE1C270B202168FDB95BF6AC444A3EBBB2FF84604F244469F552CB395DA78CD42CB61

Uniqueness

Uniqueness Score: -1.00%

Function 01716AD0 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1abf9f107ded2e239f5393476ff8800a1cbb64187694e3cab5700646f2738df6
Instruction ID: 680cf90b130067ed1820cc1e5bdf691a788d3b38487a5d820111808d4146ef5b
Opcode Fuzzy Hash: 1abf9f107ded2e239f5393476ff8800a1cbb64187694e3cab5700646f2738df6
Instruction Fuzzy Hash: C1E1C071A042098FCF05DF5CC8806AEFBB6FF48300F55C56AE505AB25AE7B5E945CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06A65528 Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b424ff415bebaaa0f335185e0231c15942b3614aad081f60afedf209aa2c730
Instruction ID: c84ffa30c609251b429cd56c3f60db8f17f4e1e04bd75ff2bef02e1101472b32
Opcode Fuzzy Hash: 6b424ff415bebaaa0f335185e0231c15942b3614aad081f60afedf209aa2c730
Instruction Fuzzy Hash: F1F10D34E10119CFCB58EFA4D998AADB7B2FF89300F558168E506AB365DB70EC42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06A30078 Relevance: .4, Instructions: 365COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282580536.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 302ea47b53d62ae8d22664cf77825d2a09bbe4549dfa78f22c70e99af7ad414e
Instruction ID: 255a20c233cb56ef83879063685249738b4cd831fee788c02a57d68092532919
Opcode Fuzzy Hash: 302ea47b53d62ae8d22664cf77825d2a09bbe4549dfa78f22c70e99af7ad414e
Instruction Fuzzy Hash: 8AB18530F502328BDBF93B6D995073AA5D6EFD9A50F1444A9EA46DF244DE20CD02C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 06A6A018 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 236c910245655e0c9c778149bea75a71a98443cfe18bebca3e433ad4fff180e9
Instruction ID: d05134d92017164893a1a9922adbc544124da0ce06e0df9be3ec8b81a7e6327b
Opcode Fuzzy Hash: 236c910245655e0c9c778149bea75a71a98443cfe18bebca3e433ad4fff180e9
Instruction Fuzzy Hash: 91A1A031744201DFC759AF69D954E2A7BB3FF89300B1580A9E6069F3A2CB36DC42DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0171C6A8 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5241a334946f45a6e29421c11eba85df4d43eafd3e1ffa6fdc8e033fa59a3ee7
Instruction ID: 75a3ccfcc70afde6ed4ef1bc0c45d29fc6be39b7d1c5397a0fc3d0d296b2371e
Opcode Fuzzy Hash: 5241a334946f45a6e29421c11eba85df4d43eafd3e1ffa6fdc8e033fa59a3ee7
Instruction Fuzzy Hash: 7AA1AC35A412058FDB16DFA8D494AADFBB2FF88310F148069E911DB395CB35DD41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 06A69C50 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c04cb9fe039d7b902a35add41a9de0334500248b24e530bd68522739ea91684
Instruction ID: 68cb14dc9a4617bf176c073de4db8d67151d701d79de68378c10c8f4dd5b6799
Opcode Fuzzy Hash: 8c04cb9fe039d7b902a35add41a9de0334500248b24e530bd68522739ea91684
Instruction Fuzzy Hash: 96A1CC34A01209DFCB54EF65E9949ADBBB2FF89310F518565F912AB364DB30AC42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0171BF30 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c2757b4c77777be80ebe5b9df2a0ee16de87a282b5c59abfe489450c48ecf57
Instruction ID: 107a73aecc9e2dd924982f3541e493b483b6c4fb95ac57647e8e7e1f075210c1
Opcode Fuzzy Hash: 9c2757b4c77777be80ebe5b9df2a0ee16de87a282b5c59abfe489450c48ecf57
Instruction Fuzzy Hash: A981DD35A0021A9FCB05DF6CC484AAEFBB1FF4A310F1581A9E515AB366C731EC46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A65519 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1bd38eb989578c69f5cc64cb88798ecf5d1048069ce1847d912f6ddd7ee3d09
Instruction ID: 11e0b1a1073efaa68738645da62a6eb908c5955d159f7772e9515010d7193c06
Opcode Fuzzy Hash: a1bd38eb989578c69f5cc64cb88798ecf5d1048069ce1847d912f6ddd7ee3d09
Instruction Fuzzy Hash: 64A12F34E10119CFCB58EFA5D99899DB7B2FF89300F558159E406AB365DB30EC42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6A338 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2422c83a3bfe2803484b37621f3107b4c606737051205166fb9a97046b2b1027
Instruction ID: 3489fe0d440a0f74c218dcd77f94d26526a3b10b6e93e044e3203c0b840eb925
Opcode Fuzzy Hash: 2422c83a3bfe2803484b37621f3107b4c606737051205166fb9a97046b2b1027
Instruction Fuzzy Hash: A6814E30B102149FCB55EF69D898A6DB7B6FF49700F1580A9F5169B361CB70EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01717C63 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b3a29d7edc99b608a1786bc295b1936a0d56b33eebac8cf8880ab1c96f578e9
Instruction ID: 6d011090d1f1766070f9d827a5bafb0a5aa386cda2ba2da7df2e3479dd1dbd76
Opcode Fuzzy Hash: 9b3a29d7edc99b608a1786bc295b1936a0d56b33eebac8cf8880ab1c96f578e9
Instruction Fuzzy Hash: AB613330B042448FD71D9A7C8C5073EBAABAF89710F2944BAD406DB3CADE719D4587E2

Uniqueness

Uniqueness Score: -1.00%

Function 06A620F0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4ed7e453cf675d82b535dacb9a135ae7bb331d5ed79d495e2444e56ff45e978
Instruction ID: 41a3bc5b2705c203e0f5933dba5aeb84eeaa4108fbe79fd193679509757bff33
Opcode Fuzzy Hash: d4ed7e453cf675d82b535dacb9a135ae7bb331d5ed79d495e2444e56ff45e978
Instruction Fuzzy Hash: 5D812F35A00514CFDB54EFAAC884A9EB7F6FF48710B1581A9E916DB361DB30ED42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A67D58 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b298731209923f8838a977e9c8233286d80cc816fa4f99ed2d6986d562a38546
Instruction ID: 7a1923ea227d2125d29ce068e3d3485b0ecb224a015eadfd3c79b56609fd996c
Opcode Fuzzy Hash: b298731209923f8838a977e9c8233286d80cc816fa4f99ed2d6986d562a38546
Instruction Fuzzy Hash: 53517E32A101189FDF15DF55D844A99BBB2FF8A314F0580E5EA09AF262C731ED5ACB90

Uniqueness

Uniqueness Score: -1.00%

Function 01717C88 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76e93df27ad16d551d6263dc3a6807fd369cbbf4a46f247861cab4a708004eff
Instruction ID: cd1b2b23a5b28eb267b2f237d66702d4a58fc1cd7a57cc825e8841da95340d5b
Opcode Fuzzy Hash: 76e93df27ad16d551d6263dc3a6807fd369cbbf4a46f247861cab4a708004eff
Instruction Fuzzy Hash: D1510430B001158BD75CAA7C889073FBAABAB88710F2884B9D516DB3CCDE71DD4187D2

Uniqueness

Uniqueness Score: -1.00%

Function 01715670 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53d4b46ecd09d54baeb90b9f457432803aeef80fc04697e46aeb345938273426
Instruction ID: 4367b4138289502a9a546421616ddf23236ba921e76876ce5834319312a5ba15
Opcode Fuzzy Hash: 53d4b46ecd09d54baeb90b9f457432803aeef80fc04697e46aeb345938273426
Instruction Fuzzy Hash: 43514831B001159FC75DAB7C881467EFBA7AFCB710B2484AAD505DB79DDE208D018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 0171F3C1 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed39ce529ac5db116a756f9c1f2105afe5d253ab58a6ce9f8ce1601cb2134f9
Instruction ID: 1a7b0d43868c140a6fa3f5e8a434b841a1802cbf688acb83149f6811848c779a
Opcode Fuzzy Hash: fed39ce529ac5db116a756f9c1f2105afe5d253ab58a6ce9f8ce1601cb2134f9
Instruction Fuzzy Hash: 9B51A1307002118FC729AF7DC45462EB7A6BF89314B24846DE9169B3A8DF35EC47CB95

Uniqueness

Uniqueness Score: -1.00%

Function 06A61C12 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6e9bdf51efe66b1566f68d46fa574a8aef82e121ce61c66dec1ece43865eb3c
Instruction ID: 124ce60379cff1fe909e1d5f89b81731071c87d21f7659e1caaaf237d60b7b90
Opcode Fuzzy Hash: a6e9bdf51efe66b1566f68d46fa574a8aef82e121ce61c66dec1ece43865eb3c
Instruction Fuzzy Hash: 8151BF313006558FDB19EF2AD454AAE3BA2FF85304B24846AF8158F395CB35DC47CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0171D0E8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01c44dbe52c04871e4dff75b0fa955f3155b528b0a0b38b2c7e547dc4910dff0
Instruction ID: 9732c1904851c2b6d3619a2ddb11323b95233bba598ab161fb8298f986c790fb
Opcode Fuzzy Hash: 01c44dbe52c04871e4dff75b0fa955f3155b528b0a0b38b2c7e547dc4910dff0
Instruction Fuzzy Hash: 3151CD317002114FDB28DB7ED8446AEBBE6AFC9704B248479E519DB395DF30EC068B91

Uniqueness

Uniqueness Score: -1.00%

Function 06A6A328 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3106708480590401b58427ad5c9fc8a788c8f55dbaf4b032662a164b168f0f7a
Instruction ID: 880b1644e8ad7cc34034ac73787cfe35066eca0cba697519ed640ab66cc9e29c
Opcode Fuzzy Hash: 3106708480590401b58427ad5c9fc8a788c8f55dbaf4b032662a164b168f0f7a
Instruction Fuzzy Hash: 55611934A10214DFCB44EF69C898AADB7B6FF89610F158169F516AB361CB30EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0171AF78 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baffaab1d79bd6876562d16f4a823e7936863b8a7d4bb5c29ddb5a72619ad18b
Instruction ID: 4da10ca59e885cd371b5eaab3af16f15e3b1643204d0c7da4cf20263b6025186
Opcode Fuzzy Hash: baffaab1d79bd6876562d16f4a823e7936863b8a7d4bb5c29ddb5a72619ad18b
Instruction Fuzzy Hash: CA512F76600101AFCB469FA8C844D69BFB7FF8D31471980D9E6099B372DA36DC22EB51

Uniqueness

Uniqueness Score: -1.00%

Function 06A6FB9D Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f1ca4e281aebb28ae5dfb403e14d683e4ab78e45260626734c4635427539131
Instruction ID: ff454edfba0f96d93f03986d01b3a3485790e26f9c6f74b66e0c0638d1dedcd5
Opcode Fuzzy Hash: 6f1ca4e281aebb28ae5dfb403e14d683e4ab78e45260626734c4635427539131
Instruction Fuzzy Hash: EA511B31E093954FCB46EB7998101DEBFF2AFC6210B1981ABD455EB391DA348D0AC7A1

Uniqueness

Uniqueness Score: -1.00%

Function 01715AC8 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c38b0828610a60a1edea56256f442e4be42bdbb391840389f689932fa43a1afe
Instruction ID: b3ceab3df193618a60ce3b8b0b02fe2d355a63d494cd8ac4eadcc27e20d2bd25
Opcode Fuzzy Hash: c38b0828610a60a1edea56256f442e4be42bdbb391840389f689932fa43a1afe
Instruction Fuzzy Hash: 15517831A08705CBD738CF6DD444666F7F2FB86300F148A6AC45687699E735E985CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06A306E8 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282580536.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa760d5cbd50337a96c94179b2d0fda64bbcd0babed311cad242687db164f264
Instruction ID: 276fc1ef07da56f764876a296129c1f6f14f33c4d9d1282fa15e1cd4cc8b8d6b
Opcode Fuzzy Hash: fa760d5cbd50337a96c94179b2d0fda64bbcd0babed311cad242687db164f264
Instruction Fuzzy Hash: 0D415B38F656358B4BFA77A9856023E61D7ABC8650B1A8929F953DF340EF24CC0357C2

Uniqueness

Uniqueness Score: -1.00%

Function 06A650F8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 782ee67e329b5b8da604ab606854f3d3a377dc66c9bb3a3b795279a9f95eff62
Instruction ID: 59956f65d604ec23f40df53c99fcf806b2dcb24846080aeb5df9cefe9bca98c3
Opcode Fuzzy Hash: 782ee67e329b5b8da604ab606854f3d3a377dc66c9bb3a3b795279a9f95eff62
Instruction Fuzzy Hash: 75511D34B4050ADFCB18AF68E498AAE7BB6FF89701F008169E50297364DF749D46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0171B980 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3fc10eea8e24b98c1507b666a6921470fc7d3f5cd4903183838e8cb76af42c6
Instruction ID: 2c9beea428c5512be5783905178ccb8ccf5c8b6dbb6a0e4e73c0c3d7a84b8f28
Opcode Fuzzy Hash: e3fc10eea8e24b98c1507b666a6921470fc7d3f5cd4903183838e8cb76af42c6
Instruction Fuzzy Hash: 6C5120312047418FD325DF3EC050357BBF2AF84314F14C969E45A8B795DB34E90A8BA1

Uniqueness

Uniqueness Score: -1.00%

Function 01716C43 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89010dda8c8ee4e54c05f97bcc59d9115409a0bbc2af8bcc47cbcb4514f22846
Instruction ID: 96bc7274392d3b898ae9ec9228e3eb5bbe1da5ee29f44d77a67a112ace2049cf
Opcode Fuzzy Hash: 89010dda8c8ee4e54c05f97bcc59d9115409a0bbc2af8bcc47cbcb4514f22846
Instruction Fuzzy Hash: A9516C30E141098BDB05DF9CC480AEEFBB2FF48300F14C566E455AB249E7B4E945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06A69097 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc26285ae4a6f264b4917785081aef3a1afe7630618ada5a900b537ee03f0747
Instruction ID: 03a5ba4988ab0d4dfefff6449d5a5cdd3a078903530a810c8f820110ab749479
Opcode Fuzzy Hash: bc26285ae4a6f264b4917785081aef3a1afe7630618ada5a900b537ee03f0747
Instruction Fuzzy Hash: FE418E30B102148FCB89BB69C994AAEB7E7EFC9700F514429F412AB394CF749C06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01716C50 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c0aeee1ca089877eebaa03a1e2a364d966f42dfab0daa533eff5ae69fcbc798
Instruction ID: 15075d3016d10808ebd808d48a2bc20be05b86d3b892cdfd9aa2beee7dd084cf
Opcode Fuzzy Hash: 5c0aeee1ca089877eebaa03a1e2a364d966f42dfab0daa533eff5ae69fcbc798
Instruction Fuzzy Hash: 52513871E101099BDB05DFACC480AAEF7B6FF48300F14C565E855AB249E7B4F9858BA1

Uniqueness

Uniqueness Score: -1.00%

Function 06A30520 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282580536.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c7f5b880b687e91580544cd799f0ca35e1cfb97cbae16a6fef320102b844cca
Instruction ID: c6959a64d55f1965e8608e3050094e91bbbfefb3ec081c830a722f1686ce2bea
Opcode Fuzzy Hash: 3c7f5b880b687e91580544cd799f0ca35e1cfb97cbae16a6fef320102b844cca
Instruction Fuzzy Hash: 6A419131F502318B8BF97769991023A25E7AFD9B50F1584A9EA06CF248DFB1DC42C792

Uniqueness

Uniqueness Score: -1.00%

Function 01719931 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5a7b03ab832f63c1d2a266dd5e8c5b730443abe142f36fbcdc0ccd289a5452d
Instruction ID: 5dbcca71b71063bf3d71cfef9a82af7075f280d6d33ab1e7c568e5826841484c
Opcode Fuzzy Hash: b5a7b03ab832f63c1d2a266dd5e8c5b730443abe142f36fbcdc0ccd289a5452d
Instruction Fuzzy Hash: D841DF31A0425A9FDB05CFB9D850ADCBFF2FF89308F14806ADA45B7285DB399906CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0171C9C8 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71d3dc69fae48eb5d3475a71f03b8703b8edce36e0a2ed698a48ed00435a2954
Instruction ID: e4ce9f5e4d009b3c3058a46ab0b72f0a35407a7c66683363268cf0f9ca71564f
Opcode Fuzzy Hash: 71d3dc69fae48eb5d3475a71f03b8703b8edce36e0a2ed698a48ed00435a2954
Instruction Fuzzy Hash: C8414031B402059FDB26DFADD894B6ABBF6FF88700F108469E5169B348DB35E901CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01715661 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 503b601d777b06bb2de3f80321e0b68b4377d3d78fa3dd3faf98131b23ea0f7e
Instruction ID: d91ab712d1b8f767b8101aa8c766247f3eb98814ed78e5f09e5133b139c60676
Opcode Fuzzy Hash: 503b601d777b06bb2de3f80321e0b68b4377d3d78fa3dd3faf98131b23ea0f7e
Instruction Fuzzy Hash: 1D31FC35B00115DFD75CBA7C592127EFAA69FC7750B1548BAC502DB78DDE248D008BE2

Uniqueness

Uniqueness Score: -1.00%

Function 0171CE10 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 697681e3e8946647645791e1a5efffaba6eecf7147cc0773489a5cd09c1a1563
Instruction ID: 19855c7a5d459ecea0af80ed535574787ed83ed8c5bf3aa0f32648e0eac0c96a
Opcode Fuzzy Hash: 697681e3e8946647645791e1a5efffaba6eecf7147cc0773489a5cd09c1a1563
Instruction Fuzzy Hash: B8417C357001058FCB15DFADC8909AEBBB2EF89310B158069EA01EF365DB31ED46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01716AC3 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a635226cc49b6cbe7cf7b7e9924261c2b2178699b54009800bb6952fd9b47265
Instruction ID: ca408e1c351fd64679ac0f4b6e2ac5986b464a9f021f71cc698325680805874a
Opcode Fuzzy Hash: a635226cc49b6cbe7cf7b7e9924261c2b2178699b54009800bb6952fd9b47265
Instruction Fuzzy Hash: F441A771E0420ACFDB15DF9CC880AAEF7B2FF45300F6584AAE505A725AD770A945CB51

Uniqueness

Uniqueness Score: -1.00%

Function 06A6FCC0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b2537d27d82529de7d0855d5649ddbdd1979466d76927c884052160906ac10c
Instruction ID: 1043424657d3af0e981cd4bd973f43d2a829896f54e1fc0b0a613ae744d9fc77
Opcode Fuzzy Hash: 3b2537d27d82529de7d0855d5649ddbdd1979466d76927c884052160906ac10c
Instruction Fuzzy Hash: D1410C74E10219DFDB58EFAAD4546ADBBF3BF88714F248065E411AB244DB70AC41CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 06A65929 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08fd41186aac932d88469076ed991bf6838d431ee99ed055c9a8513455654a23
Instruction ID: 706fe186b7cc73d2719b7d191a77420653820fa54e021b948d5e26c14ac2db57
Opcode Fuzzy Hash: 08fd41186aac932d88469076ed991bf6838d431ee99ed055c9a8513455654a23
Instruction Fuzzy Hash: CF410534B40205CFD758EFA4D998AAD7BB2FF49704F214168E502AB3A5CB31EC42CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06A62092 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e72905778609496cdbf3c182ea386927ee679f45fd66a17627e0eca95afdb2
Instruction ID: 61f9916ddca2a7a4fb119bbbeff43713aef36245db37f42fd19eeeaf9b2ca48c
Opcode Fuzzy Hash: 48e72905778609496cdbf3c182ea386927ee679f45fd66a17627e0eca95afdb2
Instruction Fuzzy Hash: AB312972A082489FCB15DBA5D850ADEBFB9EF49310F0540A7F645EB251C634AD05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0171CB58 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e537dc8d361f6c29563a6e927e4dfeb2b9d21fae91540f95de83f04d2b4c39a
Instruction ID: d570001832d0df02bcb76f52a043715cef9d97423c918a0a9aba91268d1460bb
Opcode Fuzzy Hash: 1e537dc8d361f6c29563a6e927e4dfeb2b9d21fae91540f95de83f04d2b4c39a
Instruction Fuzzy Hash: 5C416671A40216CFDB26CFADC844AAEFBB2FB88314F00846AD616E7255D738DD45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0171B828 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1427725710f7a89e4e02f8c4757a6e79fecd11222ba07b654d00583360ec2f
Instruction ID: 973f90809dbed4d93f3b9b1bc2d175a8e6c75a7d16371c7cbe727f7103ee9192
Opcode Fuzzy Hash: 4c1427725710f7a89e4e02f8c4757a6e79fecd11222ba07b654d00583360ec2f
Instruction Fuzzy Hash: A521E335304155AFDB186B6ED8409AABF6AEB89710B148079FA088B355DF318C568790

Uniqueness

Uniqueness Score: -1.00%

Function 0171D50F Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3cbab178623976fca3acdcf3d44842f22aff3a91e71ee0f3b36ea287d0af7a4
Instruction ID: 8412cca451b25790bd8bda8e84ffddff9704b3eb52c4c2557b1f52d784e35898
Opcode Fuzzy Hash: c3cbab178623976fca3acdcf3d44842f22aff3a91e71ee0f3b36ea287d0af7a4
Instruction Fuzzy Hash: 0641F634A412288FEB25DF68CD94F99BBB1BF59310F1105D5EA09AB3A5C631ED81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6B310 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4308826d76155523a1e5292b3a78a468b0ab50234dfb9dfce613c6bd4f967404
Instruction ID: 12ca67d19fc7ff025d5e1f75eb8d7df14cb303f8ffdb0aae64f82c6ef9305cc3
Opcode Fuzzy Hash: 4308826d76155523a1e5292b3a78a468b0ab50234dfb9dfce613c6bd4f967404
Instruction Fuzzy Hash: AD313534A046458FCB41EF78C8509AEBFB1EF8A200F0041AAE101DB321DB34A907CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 06A6A650 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3b44b5198333b8b21cd47cf7db28c4a5dbbca09c91eba892aa02c0eace6e456
Instruction ID: 4f89f68becded07309670b4c0efabf7034a5a72b510272852b9c8b2ba2e5b5aa
Opcode Fuzzy Hash: c3b44b5198333b8b21cd47cf7db28c4a5dbbca09c91eba892aa02c0eace6e456
Instruction Fuzzy Hash: CC316C35B001189FDB54EFA5D954AEEBBB6FF88310F108029E911BB294CB75AD45CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06A64590 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56bbb83ac7592bdfc549258740f10c840875b9bbc3819a79d5677d86ef85d4b8
Instruction ID: 70ebbb7920da1745c1758767972d06a20805c2cb94767e53fdc64a646215b7eb
Opcode Fuzzy Hash: 56bbb83ac7592bdfc549258740f10c840875b9bbc3819a79d5677d86ef85d4b8
Instruction Fuzzy Hash: 68318135601111DFCB55AF98C95496ABBB3FF8C310F0591A8EA159B3A1CA31EC56CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01710839 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7c2dcf26a707ad1532b0d1bdc2f4b30ec76e2e1110514ca8e08873b4371a3ce
Instruction ID: 637ed04df31ab777368e9aa788e17a75c47effc5e44f608f1ffdd777dea3da89
Opcode Fuzzy Hash: b7c2dcf26a707ad1532b0d1bdc2f4b30ec76e2e1110514ca8e08873b4371a3ce
Instruction Fuzzy Hash: C5315E307102049FCB44AF69C4586AEBBE7BF89708F25486DE406EB354CF759C468B90

Uniqueness

Uniqueness Score: -1.00%

Function 06A6FA50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7a52fc0876bdf2df62a9b22c375658e6725097ef5f13cdbd969c54bef0f6a08
Instruction ID: d890f49659f9e2e433be1ab36e50cee1300211e5c8de876bd6e72be37631bcdd
Opcode Fuzzy Hash: f7a52fc0876bdf2df62a9b22c375658e6725097ef5f13cdbd969c54bef0f6a08
Instruction Fuzzy Hash: 27318030B002068FCB18FB79D1686ADBBF2EF88215F548428D502AB385EF34DC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01711334 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15825507ac5ddffdd7c8ca38b542dedad625261d60eb74b7ecc79bc20634d540
Instruction ID: d6738d1324e14d1857d6e8bd7216b2307c38c202186809f2ce9e8ad952e3867b
Opcode Fuzzy Hash: 15825507ac5ddffdd7c8ca38b542dedad625261d60eb74b7ecc79bc20634d540
Instruction Fuzzy Hash: C63136B0D002499FCB14CFA9D990AEEBFF5AF48350F24806AE949AB254DB749945CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A65E98 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f96c9aa4bdea1603033f20770d984b894e9ad4d4140f504acb851da035bbcf4d
Instruction ID: 643e6a23b36b665478f37d80b8311e7742027e8c391ea27d56fb568d28438fca
Opcode Fuzzy Hash: f96c9aa4bdea1603033f20770d984b894e9ad4d4140f504acb851da035bbcf4d
Instruction Fuzzy Hash: 6D21B032B042518FD775AB6AE444A66BBE5EF85321B19847AF25ECB241CB31EC42C760

Uniqueness

Uniqueness Score: -1.00%

Function 017159C8 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d527bb7c43f17c08bb44b6a2100ac8e360bda37e06ef3a3b66378b6e934358d
Instruction ID: 77a90c6cdea9ff100ad3371bcba77abb625764583bad458749a8713059e5ac67
Opcode Fuzzy Hash: 5d527bb7c43f17c08bb44b6a2100ac8e360bda37e06ef3a3b66378b6e934358d
Instruction Fuzzy Hash: F021B3333883059FE769896DD8C836BFED5EBC3264F08463AD546C2289E664DA80C351

Uniqueness

Uniqueness Score: -1.00%

Function 01710848 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f659e51dd7440883c51b62ae0b8b09897f8c521c8848cdf16d2d28417c3bde15
Instruction ID: 2062a1089a97bc5de8eb933fccf681bcea001414538abda2fc261e6142b60c27
Opcode Fuzzy Hash: f659e51dd7440883c51b62ae0b8b09897f8c521c8848cdf16d2d28417c3bde15
Instruction Fuzzy Hash: 5F314130B102149FCB44AF6DC45866EBBE7BF88704F24886DE406EB354CF759C468B90

Uniqueness

Uniqueness Score: -1.00%

Function 01712339 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 303bcb058410b9c9d974edafd0373205aaac95ec42669b3cd34953068ffec60e
Instruction ID: 328ab225924cbb60a799a430a9f0f496435935c991260b1f7e469bf562eb48bf
Opcode Fuzzy Hash: 303bcb058410b9c9d974edafd0373205aaac95ec42669b3cd34953068ffec60e
Instruction Fuzzy Hash: 9331B470A1020ADFCB09DFA9D8505ED7BB2FF88304F604069D125AB284DF39AD46CF94

Uniqueness

Uniqueness Score: -1.00%

Function 01711340 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfecf231dddbc1d3a130d80c7a75499c87ce4d3bd6794c37aef1a2364ce980bc
Instruction ID: 9896fb61830217e1517cb7aa9bf888b0b64aea0f5ac7c992d58490a96b49bf81
Opcode Fuzzy Hash: cfecf231dddbc1d3a130d80c7a75499c87ce4d3bd6794c37aef1a2364ce980bc
Instruction Fuzzy Hash: A0311470D00249DFDB14DFAAD990AEEBFF5AF48350F648029E948AB354DB749941CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 017125B0 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ec25711af5752e4e1eb7043dc7ce46eafca37638c433a53d4210bb0cb07c768
Instruction ID: a6a1b33b99a741de0f153758224534432a02c688f73d4abda36ec4e33df998cb
Opcode Fuzzy Hash: 6ec25711af5752e4e1eb7043dc7ce46eafca37638c433a53d4210bb0cb07c768
Instruction Fuzzy Hash: E521D830A1424B9FCF15DFB8D44056D7BB5EF45304B2485EAC055DB287DB35AD428F85

Uniqueness

Uniqueness Score: -1.00%

Function 06A6FE88 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c0e00e51f28afeeea2af5f3d196cbd4603c8ffabab35fceea3360afea2c96f2
Instruction ID: a7745f74a7569f8622a2a0f1bdfd0910f7b8b2a513b9e8e56abc67f293f64c37
Opcode Fuzzy Hash: 2c0e00e51f28afeeea2af5f3d196cbd4603c8ffabab35fceea3360afea2c96f2
Instruction Fuzzy Hash: 1621C831A002458FCF84DF7AE98059BBBB5FF9132072486A6D958DF146E331E615CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0171A318 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53fb2ea8955345dca27f65fcfc35fab6444b6b0de6e7d14699866347595c98ca
Instruction ID: 54c2b8f7207a323d1280764ca59c8bb16a089032dae031b8ddd80d0a5018c561
Opcode Fuzzy Hash: 53fb2ea8955345dca27f65fcfc35fab6444b6b0de6e7d14699866347595c98ca
Instruction Fuzzy Hash: A121B2307542459FCB149B7CD818B5EBFF6EF89720F2481A9E412DB3A5DA748C058B91

Uniqueness

Uniqueness Score: -1.00%

Function 017153E8 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f0430adc096b4b574d37080b7c5957ee2c91df538ee53f1a8798405d2da18a2
Instruction ID: e4b285b888ff9c1bcc0e8c11eb81cda2e20efdf40a008a3289667a776c963446
Opcode Fuzzy Hash: 9f0430adc096b4b574d37080b7c5957ee2c91df538ee53f1a8798405d2da18a2
Instruction Fuzzy Hash: 6E31F574B40114CFDB18DBACC958BADB7B2BF89305F2000A9E916DB3A9CB759C42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6B320 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 006f5ec991baff604bbf89146faac181e87ffb9d3def3431d412ce933cabd710
Instruction ID: 1d07eacdfa1c4db6042281f072bb9a8cb518780d0038ba263b66e1e77b92e957
Opcode Fuzzy Hash: 006f5ec991baff604bbf89146faac181e87ffb9d3def3431d412ce933cabd710
Instruction Fuzzy Hash: 69219630F10A0ACFCB44FF69C5548AEF7B5EF89700B50416AE51697364EF70AA46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0171FB80 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aed55ba5fadf948f46ccf3e1d84d68c56316b8de6613c2699be7a44163783cc
Instruction ID: a2a22eb5ca7c8e1f38b24813b41d1e377cddb011a8614f1e381d47076b8de924
Opcode Fuzzy Hash: 9aed55ba5fadf948f46ccf3e1d84d68c56316b8de6613c2699be7a44163783cc
Instruction Fuzzy Hash: E7215E713041559FEB12CF2DC894AAA7FE6BF8A354B094096FD44CB265C671DC51DB20

Uniqueness

Uniqueness Score: -1.00%

Function 0171F2F0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 505fa1b5079fe44f5150da01dd4b217add382e8ef0fed187cabf5a349f60dca2
Instruction ID: a39cb1b7b97db31aa4e213d8e400a0ede8a590bd34d3887a5d23fcf8bf884ad2
Opcode Fuzzy Hash: 505fa1b5079fe44f5150da01dd4b217add382e8ef0fed187cabf5a349f60dca2
Instruction Fuzzy Hash: FA213771A00219DFEB50DBBCD904BAEFBF5AF44350F1480A6D919DB298E734CA58CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0171B321 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73223bae6e4221f7dc7af14a11a8cfcc8a127dd1f3204db7cb33001390554fbe
Instruction ID: 415d9d26ab30fb37ad1b53ac9f47b9665dcfc4e2e0b0049400501d386c1a7854
Opcode Fuzzy Hash: 73223bae6e4221f7dc7af14a11a8cfcc8a127dd1f3204db7cb33001390554fbe
Instruction Fuzzy Hash: CE214F35A042599FDB15DFA9C4549EEBFB2EF8C720F148129E921A7394CB319C42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01710A48 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f9f4b1561fa0b3891b3757a9b55affedc962592209d4b093077d3e1d1c9a1bb
Instruction ID: d87e1ccb55a9e1c776fbe87257da67490ab68ab9899eb985da0236ca87bc70a3
Opcode Fuzzy Hash: 3f9f4b1561fa0b3891b3757a9b55affedc962592209d4b093077d3e1d1c9a1bb
Instruction Fuzzy Hash: 0D218E31B002049FCB19AFBAC0485EDBBF2EFCE645F148869D406A7350EF369846DB11

Uniqueness

Uniqueness Score: -1.00%

Function 01719BB8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0712d1cf15f558d9df71c318fbc711720c0c5ba22c26fc16d141dae95ba40d34
Instruction ID: 0dcb633dde5ce537c8267b9db22ccc9226f4aea9d4223d44b0a2365f1f084327
Opcode Fuzzy Hash: 0712d1cf15f558d9df71c318fbc711720c0c5ba22c26fc16d141dae95ba40d34
Instruction Fuzzy Hash: 59214B70A00209DFDB18CF69C568BADBBF1BF88314F144069D502A7394DB759D82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01713CB0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b6262d3b1ce48d00bec144b3aabaf4dafc486b123e2cd073cac3c31876ea62
Instruction ID: b27877be967952e8dca2b98fdc6c64d84daa988e68b3f6bac4b06dc4343cdf9b
Opcode Fuzzy Hash: b2b6262d3b1ce48d00bec144b3aabaf4dafc486b123e2cd073cac3c31876ea62
Instruction Fuzzy Hash: B9119E313404208FDB68DBBDD85492ABBE9FF88B6475580A9F50ACB371DA21DC408B90

Uniqueness

Uniqueness Score: -1.00%

Function 0171CB47 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b50169e498f2094af3ddd90a1c9bb63b468fbcf2d3870177e4166bf80581be77
Instruction ID: 184005c24ab8fa8a45a467ae60d8b39bb4f27bc1645afd8a2a7e6e205d456c6b
Opcode Fuzzy Hash: b50169e498f2094af3ddd90a1c9bb63b468fbcf2d3870177e4166bf80581be77
Instruction Fuzzy Hash: FB218975A00216CFCB15DFADD844AAEBBF2FF89614F008569D91AE7315E7349C42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01719BA8 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b254ca5c575c7a1f991e11b2e58dd134ba522ee88050762b55d6d4b42b99f4
Instruction ID: dfbad15ef05b9213603e956668e017b19d0fd6d270f97e5a4220b809f7cd90de
Opcode Fuzzy Hash: f5b254ca5c575c7a1f991e11b2e58dd134ba522ee88050762b55d6d4b42b99f4
Instruction Fuzzy Hash: DF219C70A00205DFDB18CF79C5646ADBBF1FF89318F244169D502A73A5DB319D82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01719D98 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf6593ffc653f7c46a72c744e9f1f7dc303046de25a3bc42295c038255dc5a6e
Instruction ID: 0e5938bbae124027fcae6aa1985f468ec8e79694b96509820814f1424ab7a13d
Opcode Fuzzy Hash: bf6593ffc653f7c46a72c744e9f1f7dc303046de25a3bc42295c038255dc5a6e
Instruction Fuzzy Hash: 60218431B501158FDB14AB69C424B9EBBF6AFCC614F150099E602EB3A4CE70DD0587E1

Uniqueness

Uniqueness Score: -1.00%

Function 0171ACA8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28230dfcd71044297cb32c39f60e60c77f4c9423d31d0ed9ce7dc0304e6290c6
Instruction ID: fd5998f91939f19715d46eb7efed02d19eb62aa472a5ea8fe47e2e01a72686d1
Opcode Fuzzy Hash: 28230dfcd71044297cb32c39f60e60c77f4c9423d31d0ed9ce7dc0304e6290c6
Instruction Fuzzy Hash: 3821DE306102419FCB28EF78D4457AE7BA6FB88300F10883DE06AD7248DB75E8028BA4

Uniqueness

Uniqueness Score: -1.00%

Function 06A63328 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b842f59081217422c4e69e5eb1d044667dfc3df951a6df091b3e82aa86d015e
Instruction ID: 525b9621269077091ecaca39402022ddccb1ad2c3b2b1ad38fa828e816af696f
Opcode Fuzzy Hash: 7b842f59081217422c4e69e5eb1d044667dfc3df951a6df091b3e82aa86d015e
Instruction Fuzzy Hash: F421F731A002098FDB14DF99C545ADDB7F2FF8C300F6145A9E405BB265CB75AE46CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 017123B8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5178d2adadaad726bab81565ed83d3db3a79f7ca42fbfc8bcdfd5b222aa2dbb1
Instruction ID: 7f5f26dd7694e871a41c631d032821f7e84f0d47212d6bb416f206312552cb02
Opcode Fuzzy Hash: 5178d2adadaad726bab81565ed83d3db3a79f7ca42fbfc8bcdfd5b222aa2dbb1
Instruction Fuzzy Hash: 75213C71A2020BDFCB08EFA5D4505ADBBB2FF88304B604428C525B7284DF79AD45CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0171A570 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb4b9959120ba7a9783757744c1018a433b37f3d6810707147dc1413aa7fcf19
Instruction ID: c387e504958d06c691dbba33843eea35ee701e185ab635d9174638eb4b5ccb14
Opcode Fuzzy Hash: fb4b9959120ba7a9783757744c1018a433b37f3d6810707147dc1413aa7fcf19
Instruction Fuzzy Hash: 4611D630B101048FD704AB6D8464BBEBFE7AFC8714F25806AE502EB394CEB08C028B94

Uniqueness

Uniqueness Score: -1.00%

Function 0171B330 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccf4a6987dc44cf83c6b9001e2169430f6777daef6079b73902c29452ada8e43
Instruction ID: f77fb4e27d70011e427715582e395d79d1ece5828046d0c31b94ad3fb04b0d04
Opcode Fuzzy Hash: ccf4a6987dc44cf83c6b9001e2169430f6777daef6079b73902c29452ada8e43
Instruction Fuzzy Hash: D8214C35A04209DFCB19DFA9C4549EEBBB7EF8C720F148129E921A7394DB719C81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01710A58 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 156352dd1f7c929f3aa2704232b8d91a94dcf17345f1cb4439579093fa9d0705
Instruction ID: 17ad3025b617696db0ca4f1044fc3125c6d00ac36f3a8c21dc8a21048b04f5d5
Opcode Fuzzy Hash: 156352dd1f7c929f3aa2704232b8d91a94dcf17345f1cb4439579093fa9d0705
Instruction Fuzzy Hash: E0119031B002049FCB09ABBAC5585EDBBF6EBCD245F148429D506A7350EF369846DB61

Uniqueness

Uniqueness Score: -1.00%

Function 01719D89 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccc0fcc648490e10c91fa45282e96af6df0da66ece3f41d548ce6670ee680745
Instruction ID: 3af1833a3b68eb4c91f4e7352796ec209af762650954afef77bd40474c77e250
Opcode Fuzzy Hash: ccc0fcc648490e10c91fa45282e96af6df0da66ece3f41d548ce6670ee680745
Instruction Fuzzy Hash: 9511B471B501119FDB149B78C428BAEBAF6AFCC714F240059E602EB3D5CEB48D0587E1

Uniqueness

Uniqueness Score: -1.00%

Function 06A65A31 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20821e644839784c1918a8e86cae23ab7ca09ab2d80bbf22b53b9fdb1c3a8077
Instruction ID: 3ba460891144ef7ac50f05986a2778b0486204e97699f54e28c5617ae7bfbfaa
Opcode Fuzzy Hash: 20821e644839784c1918a8e86cae23ab7ca09ab2d80bbf22b53b9fdb1c3a8077
Instruction Fuzzy Hash: D921CD31E84285CFDB25EB65D998BAE7B72BF45314F18006AE4019B2A2CB359C41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0171ACB8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1036e8d2694ce5839bee6f47caca52ebe4d8b4950fb36e4c8d0b20ac2822ac01
Instruction ID: e39f43060af0d61c6096f4e070dc9764b2f7fc510ec29cc5cab364d6745c5abe
Opcode Fuzzy Hash: 1036e8d2694ce5839bee6f47caca52ebe4d8b4950fb36e4c8d0b20ac2822ac01
Instruction Fuzzy Hash: 5B219D306106059FCB28EF69D4457AE7BE6FB88300F508938D06AD7284DF75EC428BE5

Uniqueness

Uniqueness Score: -1.00%

Function 0171A580 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c1859af4e97ae2f7347ea3253e0c0f34ec9889be6aeed630c3df19cae2cd1c9
Instruction ID: 6a1810b3149de25f1ac2b2e124e1eeb1c59a2a9dacc3928c432f58a4bd0dc359
Opcode Fuzzy Hash: 5c1859af4e97ae2f7347ea3253e0c0f34ec9889be6aeed630c3df19cae2cd1c9
Instruction Fuzzy Hash: 9C11A770B101088FD704AB6EC464B6EFAE7AFCC714F658069E506EB394DEB49C018B94

Uniqueness

Uniqueness Score: -1.00%

Function 017124C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 502e70a6b1b6c7f78bdd428adf1a49f9d81647d5e962bc06be78fdd67e4833f5
Instruction ID: e6818f57dbb43547305e33e842c20809d03f3aecd4f4ad611eb2f9cc61405d31
Opcode Fuzzy Hash: 502e70a6b1b6c7f78bdd428adf1a49f9d81647d5e962bc06be78fdd67e4833f5
Instruction Fuzzy Hash: D321F639A0024A9FCB08DFB5C8504AEBBB2FF88201B50C5A8C411A7784CB75AD06CF51

Uniqueness

Uniqueness Score: -1.00%

Function 06A69F5A Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2e5bbb27fb497db019a712bdda34a5b4499607b994341484987d8a9d5f6885f
Instruction ID: 9e8966524e7feb36ed33b8333f5ae2290bd592ac408bf44d25dd28ecfe3e2207
Opcode Fuzzy Hash: c2e5bbb27fb497db019a712bdda34a5b4499607b994341484987d8a9d5f6885f
Instruction Fuzzy Hash: 7A219734B002048FCB54EF29D994AAEBBF6EF89210F144569F5129B361DB70ED06CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0171F158 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c522aea84c981c38eec1e065f55f680e75a12b8aac8d9bcb206a77ea35fe479d
Instruction ID: 697c381722d2dd8f9f92df7facdb760048c5dd3fb7d805fc29ae941f54221304
Opcode Fuzzy Hash: c522aea84c981c38eec1e065f55f680e75a12b8aac8d9bcb206a77ea35fe479d
Instruction Fuzzy Hash: 5F1148363011505FD3059B3EDC549BABFA6BF8A7147150165E529CB322CE209C4787F0

Uniqueness

Uniqueness Score: -1.00%

Function 017125A0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c702edf6deaed052321d5785df8bc7ecb65910bb6f7ef8211b429a8be0da521
Instruction ID: 6ae2839adb7355e9fca9aa7429c0f478dd12b80eb99c854063328922bb4a19bf
Opcode Fuzzy Hash: 8c702edf6deaed052321d5785df8bc7ecb65910bb6f7ef8211b429a8be0da521
Instruction Fuzzy Hash: A1113831A142469BCB1DCB78D59406DBB71EF81300B3484BFC066AB6CBDB35EC428B96

Uniqueness

Uniqueness Score: -1.00%

Function 0171CE01 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16a8b912ea06063f8dc7e10819b99a1ebe9c18ff7c869090b4794f3a6be72a18
Instruction ID: ba1fc54fd6fe2bdcaa5d35f97bc0b9b930b8eee821aaa5c9a3c7e7c29139e773
Opcode Fuzzy Hash: 16a8b912ea06063f8dc7e10819b99a1ebe9c18ff7c869090b4794f3a6be72a18
Instruction Fuzzy Hash: BE115E35B401059FCB15DFADC894AAABFB6EF89340F1480A5EA019B365DB31EC41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0171E550 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e966ba3d652f55b3ee86ca787b3f66749c730386ee601e76908fd190c0a2dd6
Instruction ID: c490d0fbaaa1a28965a4ebdf0da98806e47a6e208a4da9952101d4b5338297be
Opcode Fuzzy Hash: 7e966ba3d652f55b3ee86ca787b3f66749c730386ee601e76908fd190c0a2dd6
Instruction Fuzzy Hash: FB11A9303051459FC709DB5DD8549AE7FBAEF8630072580EAE559CB226DE31EC43CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 017124D0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1e37d1d42d6c08a4d9633dcfc74b673aef05727a60ede716ed18fff95bd6b9c
Instruction ID: ad150d4b08827c86dd334859ce177b8417b0c6f88eb74fde617c1c68cddc6d9b
Opcode Fuzzy Hash: a1e37d1d42d6c08a4d9633dcfc74b673aef05727a60ede716ed18fff95bd6b9c
Instruction Fuzzy Hash: 6611B439A1020A9FCB08DFAAC8444AEB7B2FFC8201B50C564D415A7784CF75AD02CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06A6F9E0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca8029c638383eae15c443fa23e3d963262eacaf9f4bb617881f3f523f4d2fc1
Instruction ID: 7251ec90a4c75ff8b8e3dce7d4fdde6597284739008f702651f803edc7124859
Opcode Fuzzy Hash: ca8029c638383eae15c443fa23e3d963262eacaf9f4bb617881f3f523f4d2fc1
Instruction Fuzzy Hash: A9115E763142409FC706DF69F858D59BFF6EB89231B0A80A6E908CB352CB39DC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0171C0D0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a245ba10f6c1c9eed421e1388c63c685bad3f22266e50641b1559ef76d55ad52
Instruction ID: ccb94829b9ab061ba1de9b42eaf2569fd814ea9e2c0eb725baaf7a9c08c96e63
Opcode Fuzzy Hash: a245ba10f6c1c9eed421e1388c63c685bad3f22266e50641b1559ef76d55ad52
Instruction Fuzzy Hash: 1511B6756802119FCF25DFBC88147AABBF1AB88710F0040A9E555DB344DB718902DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0171C0E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b86686a02ca1b6033e0e79e30a216740953cdf106e865e4d74b7d71b53a99658
Instruction ID: 2f2a416b3869c2629b9d92ceb180729fff5591909cf513efa59c50d9290bc2e5
Opcode Fuzzy Hash: b86686a02ca1b6033e0e79e30a216740953cdf106e865e4d74b7d71b53a99658
Instruction Fuzzy Hash: 3A118271B802159FDB65DFAD88547AEBBF2AB88B10F1040A9E555DB384DB70CA41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0171BDA8 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df2668d43ab35d5fabcbb1d071807b8d095ee75e6a1b2f625a9675a222d57ceb
Instruction ID: 3acfafefffed7b81f055d581a22b7dd29bd1ee9d61dd74fed2e635021d70ac2e
Opcode Fuzzy Hash: df2668d43ab35d5fabcbb1d071807b8d095ee75e6a1b2f625a9675a222d57ceb
Instruction Fuzzy Hash: 63115834A01209EFDB14CFA9E584AEEFBF5AF48310F204069E505A7394CB309D45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A63F28 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddd40fbaa06f71fc4b33d3c2dee65f1960040aa7f1b6d9f88cb0d8e96d8c4aac
Instruction ID: ed8f9dcda03fa6cb251d68a1475a55fbcbc88d914a7b17846a54177a3a41de9c
Opcode Fuzzy Hash: ddd40fbaa06f71fc4b33d3c2dee65f1960040aa7f1b6d9f88cb0d8e96d8c4aac
Instruction Fuzzy Hash: 2B11E074A00206AFCB25DF68D844B5ABBB4FB49214F14856DE529AB341C772F80ACBE0

Uniqueness

Uniqueness Score: -1.00%

Function 06A6EF21 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3523522f94f018824fb21dd1211111a6d86da7cb932e76cc26ec532beb9b0b64
Instruction ID: 1ab0bb54f17bcd49b25d5659ebb9f6e7fc13ce86c8df9ca10b87c3da1eaa0178
Opcode Fuzzy Hash: 3523522f94f018824fb21dd1211111a6d86da7cb932e76cc26ec532beb9b0b64
Instruction Fuzzy Hash: 8111AC34A003418FC751EF79D4546AEBBF1EF88320F144468DA5A97391DB74AD42CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0171BD28 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ac37430237d0c3c94ad9158e37d09e67c3a6b80861ea0f23ca3eeae4692eaa0
Instruction ID: 1846b37b54019411c3084bd11019dc931ae78633e8797483408bf4fbaefc8f36
Opcode Fuzzy Hash: 0ac37430237d0c3c94ad9158e37d09e67c3a6b80861ea0f23ca3eeae4692eaa0
Instruction Fuzzy Hash: DB018476340315AFDB148E59EC84F9E77A9FF88B21F108026FA14CB290C6B2D8508750

Uniqueness

Uniqueness Score: -1.00%

Function 01715491 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5399b47174bb653ebe04ee67c8be4ebff2f1c152789ccc57f8f66e4928f500b
Instruction ID: ab62deb360c445686b3970cf6344cc3f580bb05fd381b9c47a05f20f33ea4831
Opcode Fuzzy Hash: e5399b47174bb653ebe04ee67c8be4ebff2f1c152789ccc57f8f66e4928f500b
Instruction Fuzzy Hash: 76114834750118CFDB58CF9CD858B9CB3B1FB8A316F2000A5E907EB399C6349D048B81

Uniqueness

Uniqueness Score: -1.00%

Function 06A6A791 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74b6ed9d95e26503e8ae7fada6b32033d12848832168f186cae29a9018f21a59
Instruction ID: 763964f3ea975dc97e65e2919f34ad79562c2fa54e5ec9bc797cac41168c92b9
Opcode Fuzzy Hash: 74b6ed9d95e26503e8ae7fada6b32033d12848832168f186cae29a9018f21a59
Instruction Fuzzy Hash: B601D2347003409FC366AB74D914A7A3BB2AFC9320F04456DF6628B6A1CB74EC82C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 01714C18 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f3fa5dcfe3e558ab3bd638877d5570aab409d58d50eea58647784e408a03bff
Instruction ID: a5a8652ba0b1a717a654654490f59dd5683365085220d4dd7456cdd5c1e5c4f7
Opcode Fuzzy Hash: 6f3fa5dcfe3e558ab3bd638877d5570aab409d58d50eea58647784e408a03bff
Instruction Fuzzy Hash: D7112A317141429FD719DF2DD965B2ABBE2AF95314F2444A8D402DB2A9DF39DC42CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0171A249 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f898f4540a898a166e6c0c016c4a3af302ed457df4a70276e333cf988acb25
Instruction ID: ed2eadf410fb9fd5b73c086f680be99a344ae3141fe2ae2bc55c46cb5aadad31
Opcode Fuzzy Hash: f5f898f4540a898a166e6c0c016c4a3af302ed457df4a70276e333cf988acb25
Instruction Fuzzy Hash: 17F0C23530F3902FC303122A5C14AE3BFEA9FC766432940E7F085CB663E821DC0582A5

Uniqueness

Uniqueness Score: -1.00%

Function 01713C72 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe963b666479f0d0a6936788fbec2795dad8fe3c74221b2719e2592a43c87fd2
Instruction ID: 5d6ce37182120133923cd93110fdc64f5b71c66374a2350a72f50cf4fc4881f8
Opcode Fuzzy Hash: fe963b666479f0d0a6936788fbec2795dad8fe3c74221b2719e2592a43c87fd2
Instruction Fuzzy Hash: 7E01D1313081508FD756CF7DD8649297BF9BF06A2831500EAE94ACF2B6EB21CC41C751

Uniqueness

Uniqueness Score: -1.00%

Function 06A63F38 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16b69b0504a6cbae2dca342c2f4c35565d31cddfa77b4875cee0a23ac1d9c37a
Instruction ID: 6b1dd4c94c90de000f377c7157b6a6f6679204da9dd031b67b928e6fa37a712d
Opcode Fuzzy Hash: 16b69b0504a6cbae2dca342c2f4c35565d31cddfa77b4875cee0a23ac1d9c37a
Instruction Fuzzy Hash: 5C016170A002159FCB64EF69D844B5AFBB4FB45314F10856DD519AB341C772F90ACBE1

Uniqueness

Uniqueness Score: -1.00%

Function 06A6EF30 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258f0e1fdaadc724ac777ebf21625e92cd02acc344b4f1e8fdd62573b595f2e6
Instruction ID: 01dddcc5bb7b75b7aa617347486fb0720764561a1961f6704599c30e5f34886a
Opcode Fuzzy Hash: 258f0e1fdaadc724ac777ebf21625e92cd02acc344b4f1e8fdd62573b595f2e6
Instruction Fuzzy Hash: C801AD30A003058FC750EB69C4546AEBBF1EF88320F444468D60ADB391DB74AD428B91

Uniqueness

Uniqueness Score: -1.00%

Function 0171A308 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a28f7ac20d4764ab0891b39480341297285f003027b39b8ecd64daa6c9587091
Instruction ID: c04efa031e9a08c16be2e6ad5792d3848c190cf0ffc22a8529fb767ef231a8bc
Opcode Fuzzy Hash: a28f7ac20d4764ab0891b39480341297285f003027b39b8ecd64daa6c9587091
Instruction Fuzzy Hash: CB01493AB152804FD7054B2DC804B55FBF2AF9662432D80ABE401C7326D6A1DC02CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06A607C1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e76e6814aba5071cb94e5bd08071708fe071eb4182a759d2b1d959e320347bd
Instruction ID: 82c8439a79ef0bd6914b850bdcdf7860c0446d1ccdd3b8e2dee5ebe183096394
Opcode Fuzzy Hash: 3e76e6814aba5071cb94e5bd08071708fe071eb4182a759d2b1d959e320347bd
Instruction Fuzzy Hash: 54018F36A04208AFD754DF99D540B9ABFF6EB55360F2440AAE584DB361D671A8C0CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 017158A8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ad7ca9473ea899496adf903aaa06af05c069dbe76ee69481327d373ce1bb53
Instruction ID: 7a7cec2a2fb388a197c082ccd7dfa3ea23c250102d7d3e7e5217a0327f1fd01e
Opcode Fuzzy Hash: b0ad7ca9473ea899496adf903aaa06af05c069dbe76ee69481327d373ce1bb53
Instruction Fuzzy Hash: 0B01D1307001149FC71C9A5DD814B2AF6A7FBCB711F148466F92AE7398EA749C018752

Uniqueness

Uniqueness Score: -1.00%

Function 0171A3F9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f97e4edc2c8630abc84f1c7a379ac811991572a4a4d5cd9541250b4618be0b53
Instruction ID: 7b28fa06e75f9158fdd1d37d955b67ff061d60546ce4b601fd65fb8f73b30dc4
Opcode Fuzzy Hash: f97e4edc2c8630abc84f1c7a379ac811991572a4a4d5cd9541250b4618be0b53
Instruction Fuzzy Hash: 89018C347283165B8F1C37B0F12C86C3652FB99A16344883CD533AB384DF2998865F5D

Uniqueness

Uniqueness Score: -1.00%

Function 01712618 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e27a74eb5600fffbbee4af21b091a9bf837099e0aff9ceb7f55ca881dada9865
Instruction ID: bf4e63dbf6884e32b7e735a0d2cd0321ae9bb55fdfbb051d805960f7098c0c63
Opcode Fuzzy Hash: e27a74eb5600fffbbee4af21b091a9bf837099e0aff9ceb7f55ca881dada9865
Instruction Fuzzy Hash: FF019E74D4424BAFCF14EFA9D44059CBBF0AF05304B1095AAC055EB281EB356A45CF81

Uniqueness

Uniqueness Score: -1.00%

Function 06A6A7A0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d8a22e1f972c13a7ae56abe3810a213705525f219a00e0d89b63de4a7cf0de0
Instruction ID: ca851b4cf6580d02fbc33d67685604555f30f13e1e3e8c95eff9beedf8e08f3c
Opcode Fuzzy Hash: 5d8a22e1f972c13a7ae56abe3810a213705525f219a00e0d89b63de4a7cf0de0
Instruction Fuzzy Hash: 0901B1357002009FC365BB35C554A3A37A6EBC8320F14852CE6624B794CF79EC82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A685E0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3392a4a575be93befe50353a0250512022df51bf4214571730b03dde7159fbf6
Instruction ID: 4186154fb4dc117752e3051cf83f9be850a53e7593b3cac38139995ee3c09e75
Opcode Fuzzy Hash: 3392a4a575be93befe50353a0250512022df51bf4214571730b03dde7159fbf6
Instruction Fuzzy Hash: 3701DF39341501EFC315AB28D518AAA7BA2FF8C711B108068EA468B355CF36EC53CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 0171B150 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7017b357b21b7b1f52fca4c5e3a5e55b3a1cd40a8c26c0afbfe30590b996fb17
Instruction ID: be2ede5582caa33bf73328a2d42c377aa56a1ea518810f34da04028304c7bd8d
Opcode Fuzzy Hash: 7017b357b21b7b1f52fca4c5e3a5e55b3a1cd40a8c26c0afbfe30590b996fb17
Instruction Fuzzy Hash: 73F04632B042016FF7158E3C9C04B2AFBB9EBC5720F15007AE949DB380CA66AC01C3D1

Uniqueness

Uniqueness Score: -1.00%

Function 0171CF58 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7e64d0363ded8c9dc3c60d349ecec3ebbde555c7aa85a71d46b57da51eaffb9
Instruction ID: 09b838ad76b3a1f84f783cd83ce011ce1e6528c5362b146f9625d2a074848a7c
Opcode Fuzzy Hash: b7e64d0363ded8c9dc3c60d349ecec3ebbde555c7aa85a71d46b57da51eaffb9
Instruction Fuzzy Hash: A0F062313401119FC7149A5DD890B6AF7DAFBC8B54B5481B5E609CB765CA31EC0187D1

Uniqueness

Uniqueness Score: -1.00%

Function 06A650E9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a6375595e5c622bdbbdbe9a0f145cb5389e1dd33a2e7dab6f95751088220ce9
Instruction ID: a5eca867772414f4faefd43eb9b58310d87955e481c1d32d8507aaa72c25669d
Opcode Fuzzy Hash: 6a6375595e5c622bdbbdbe9a0f145cb5389e1dd33a2e7dab6f95751088220ce9
Instruction Fuzzy Hash: 69F0F63AB100096BCB189B69D8549ABFF6AEB88660F044075F915C7361DE709C46C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 01712088 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23d95753eb6b6f4b36876c243fa6cabd3502ddc4aa1c9b75c4a158c42240f81b
Instruction ID: bfece45959c981598517791f7882e0e22ad206ace1020ce773563444a70210d4
Opcode Fuzzy Hash: 23d95753eb6b6f4b36876c243fa6cabd3502ddc4aa1c9b75c4a158c42240f81b
Instruction Fuzzy Hash: DD018B353042449FC705AF79D4244693BB2FB8A20832484AEE849CB352DE36EC078B91

Uniqueness

Uniqueness Score: -1.00%

Function 01715413 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6495462bf1a3d6f171b4801e044b1911ff1e5a87c8bfd9c481edb17947572b8c
Instruction ID: 2083bfe23af8a54c22cac8f84e94fa7318030230589324fdcae8ec007b139a1d
Opcode Fuzzy Hash: 6495462bf1a3d6f171b4801e044b1911ff1e5a87c8bfd9c481edb17947572b8c
Instruction Fuzzy Hash: F1014F70740205CFDB199FADC854B6DBBB2BF89305F100069D802DB369DB748C01CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06A685F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 407693c6c4a4dcae250c5c537203f3818a7b3a3d1fbabf1dc52422f2480f2e33
Instruction ID: 191f918da70b23088ba0d77daf4ea6a06821c3cd18dd609d4433af0480faa3e1
Opcode Fuzzy Hash: 407693c6c4a4dcae250c5c537203f3818a7b3a3d1fbabf1dc52422f2480f2e33
Instruction Fuzzy Hash: B2018C35341511DFC319AB29D518A6ABBA7EFCC721B108128EA068B354CF36EC42CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 01713930 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1f65bb960b9321c71a9917c00754d085b48361e7b6674bba3049fc897ea44e
Instruction ID: 0955d3b3f12d933aaff44d33aaca863663bceb7e7e8fa013400fc4f261908d98
Opcode Fuzzy Hash: 9a1f65bb960b9321c71a9917c00754d085b48361e7b6674bba3049fc897ea44e
Instruction Fuzzy Hash: 39F0C0B1B041899FCB208F7ECD0018FBFE3AF8226470044EEE084CB212D6304445C342

Uniqueness

Uniqueness Score: -1.00%

Function 0171B1B8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9890e17cf6ccd7430588609d2d5333efa0a44aafadb2dbfa01175cbce34a5234
Instruction ID: 9fab4e078d190743e03b4be81a9bb5a48ed789b9f0f531bb7ae5dec67160611e
Opcode Fuzzy Hash: 9890e17cf6ccd7430588609d2d5333efa0a44aafadb2dbfa01175cbce34a5234
Instruction Fuzzy Hash: D7F02462B0C2915FE322027C1C61379BFB1DB92600F1900EAD2428F2A6CA468807C352

Uniqueness

Uniqueness Score: -1.00%

Function 0171BD17 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60d1484af6572fdfc8042b203a1d5ca88a7fb609124098e340452ca15fde5542
Instruction ID: a18cfd78e4c9ea7c01916b4b17e5d6496cccb6f1747ab7c36b41de03647deb36
Opcode Fuzzy Hash: 60d1484af6572fdfc8042b203a1d5ca88a7fb609124098e340452ca15fde5542
Instruction Fuzzy Hash: 56F0CD363043419F8719CF29E884C9ABBB9BF8A71031540BAF555C7322CB70C801C761

Uniqueness

Uniqueness Score: -1.00%

Function 0171B160 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dd13baae5127787f466be7ead96aad48493a19e7b45b5474d4fff46d8e942b4
Instruction ID: 7bd9bfc47dd82c99b90424c48ad7ddec3384c36c0f99347141b41a1a0bcfacd3
Opcode Fuzzy Hash: 6dd13baae5127787f466be7ead96aad48493a19e7b45b5474d4fff46d8e942b4
Instruction Fuzzy Hash: 22F0E932F042156FE714861D9C54B2BFBB9FBC8720F154439E5099B380CE66AC4183C4

Uniqueness

Uniqueness Score: -1.00%

Function 06A6AE60 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42aadac54c2019cc0dbd0eec5d8ff98bf879d6f72739621fc647d9e0c0828028
Instruction ID: e24a7e3cded1bb3c4acbb5ca4ce083d9537e8f0ac867f5abb7396edc9283c111
Opcode Fuzzy Hash: 42aadac54c2019cc0dbd0eec5d8ff98bf879d6f72739621fc647d9e0c0828028
Instruction Fuzzy Hash: 64F040362043628FE3227B398D247A077A5EF42615F2404BCE6411F292EB32E802CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01715940 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc665e43bb858c9ff2c04a03e5858f0ab7920fc65c420962bb520cdb38e8bb59
Instruction ID: dea0817a28699f82c74fdf141fcac58e41509b485b3c2317df4df80230ff2fb0
Opcode Fuzzy Hash: dc665e43bb858c9ff2c04a03e5858f0ab7920fc65c420962bb520cdb38e8bb59
Instruction Fuzzy Hash: 7AF06231110B455FD718EF2DE540485BBA3FF99334364CB59C0684B695EF71F8098BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0171A2C0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 766c99522c4c9279fc67c4b21f772a28905cfd5634df0719d60fd2d968f28e64
Instruction ID: d124637847a937ca737ce1984bf2eef5bac331f46e99a139f3290597ac67d3f3
Opcode Fuzzy Hash: 766c99522c4c9279fc67c4b21f772a28905cfd5634df0719d60fd2d968f28e64
Instruction Fuzzy Hash: 2CF08C353045105FC314965ED844F12BBEBAFC8B24B648069F20ACB375D961EC018690

Uniqueness

Uniqueness Score: -1.00%

Function 06A6AE88 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 705fb5a19ad448f424e5a55245836801a3df703edabcf9ce562937d398baf730
Instruction ID: bc87317ae36c7b6885190e87c726764eea151748de3925f7a59ee68d3ee962ae
Opcode Fuzzy Hash: 705fb5a19ad448f424e5a55245836801a3df703edabcf9ce562937d398baf730
Instruction Fuzzy Hash: DDF0A0317803228FD7667A7D991472673A69F86620F144879E60A9F284EE71EC00C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 06A6CEC8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc2a78d3ac9e96dd191d80ba63b787864e78a6fff6153376fa71e3e85dbdb42e
Instruction ID: 13435c8b2f12c893e829d9b89908b04d2a6c8e3ed8730b3b8469c28baac43f7f
Opcode Fuzzy Hash: cc2a78d3ac9e96dd191d80ba63b787864e78a6fff6153376fa71e3e85dbdb42e
Instruction Fuzzy Hash: 3EF0A031A1920C4FCB14ABA5A81523CB769EB47225F1446EAEC4ED7A40E9379C1497C1

Uniqueness

Uniqueness Score: -1.00%

Function 06A67CE8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e297af28b73328f23719716863bcee4e2eacae59e29227d7da93b6a5378808bf
Instruction ID: 8ebc08aff116266a7ae14d079609c9e632c0e16b557a34242a1225e615fba2f8
Opcode Fuzzy Hash: e297af28b73328f23719716863bcee4e2eacae59e29227d7da93b6a5378808bf
Instruction Fuzzy Hash: F4F04F363402409FC315DF29D854A7A7B76AFC9611F1540A9EA568B361CB31DC02CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01712098 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d62438f5b86c485fe32d09f7212c68b3c2282186a478e66e6aa43b958caf9353
Instruction ID: 89e9b5cf250a49587cb655a31f7b0be5df375f78704d4651e0f58a9e6598667b
Opcode Fuzzy Hash: d62438f5b86c485fe32d09f7212c68b3c2282186a478e66e6aa43b958caf9353
Instruction Fuzzy Hash: 52F06D353002149BC708EF69E4149597BE6FB8921832488ADE809DF355DF76EC078BC0

Uniqueness

Uniqueness Score: -1.00%

Function 0171D410 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63aff2d60602900aa09c69fb6334443e18bf3d88416a6a2218fbd67cf5da1aa1
Instruction ID: 95c5e97d9a503e946ca6468b10ebf97303c94cf95fad6c4d232363e39ecddcb3
Opcode Fuzzy Hash: 63aff2d60602900aa09c69fb6334443e18bf3d88416a6a2218fbd67cf5da1aa1
Instruction Fuzzy Hash: 26F05930A042449FDB19CFACE40C7EDBFB2EB81200F08C0DAD885C7256C7301682CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06A644F0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43d69ed17749dd80318ee8637e31b21e73c7e7c88c9015b530b10a2b20becf20
Instruction ID: 898f3307909e459553743a9d8c5c716efdf09b928963f0a22f6f709d7056cfc9
Opcode Fuzzy Hash: 43d69ed17749dd80318ee8637e31b21e73c7e7c88c9015b530b10a2b20becf20
Instruction Fuzzy Hash: 7CE02232B4A1A21FD7622B2E7C1076AEFDAEB89914B44403AF845CB301C900CC038FA1

Uniqueness

Uniqueness Score: -1.00%

Function 06A67CF8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2d3dd5b99e1a12d732193cc7eaca0619e0ef9db46d496cd5347d518a3547805
Instruction ID: b949ec3bbb96252a275cd8f2f5f5783f8d62e4ac5a6f97ade3832c02d38f59be
Opcode Fuzzy Hash: a2d3dd5b99e1a12d732193cc7eaca0619e0ef9db46d496cd5347d518a3547805
Instruction Fuzzy Hash: 90F0FE353406009FC718EF69D894D3A77AAFFC9721B154469FA568B360CA71EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A6FA3F Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a815be41d9548cb387634911477cc4814dc176aaec583e8f5da899cf076cd30e
Instruction ID: 03f263150a5be6155ac358f9d3ab8763d0e4d23410bb273174c7ce53b9d59a41
Opcode Fuzzy Hash: a815be41d9548cb387634911477cc4814dc176aaec583e8f5da899cf076cd30e
Instruction Fuzzy Hash: 1AF0EC76A00204AFCB49AA79E40D9A9BBE2EF88220F418474EA058B245DB35DD46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A6F961 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e34405f127c00f746f25182fd9215a746ffd31ad5180bb31aa5b4106b7771468
Instruction ID: 565202dbeb6dbf1b14a40d253d4b70f1e946c998195bdc726c1636df9fbb129f
Opcode Fuzzy Hash: e34405f127c00f746f25182fd9215a746ffd31ad5180bb31aa5b4106b7771468
Instruction Fuzzy Hash: A1F030327042419FCB89FB76E42846C7FA3FB6611430518AEE153DB291CB3A9C469B51

Uniqueness

Uniqueness Score: -1.00%

Function 06A64541 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53e131e8836dd9073c846081ea241e82da61c0c2e57db1f6b6298dcd78953598
Instruction ID: 24580f6fcab9b5a49d365c280edc77808c2b773f77dfcee3aa88fef961a12833
Opcode Fuzzy Hash: 53e131e8836dd9073c846081ea241e82da61c0c2e57db1f6b6298dcd78953598
Instruction Fuzzy Hash: 94F0A0322056855BC7219F2EE895897BF5AAFD52147148829E19A87222C970F80787A4

Uniqueness

Uniqueness Score: -1.00%

Function 01715848 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09c431bed60d2ed714fedfdbd7d33a0beb41e754d6503e3f270c4f0a4e8f20ba
Instruction ID: 8d74b146994e30858af77554a0e07e9610b825934275f708b5b5c273c194124d
Opcode Fuzzy Hash: 09c431bed60d2ed714fedfdbd7d33a0beb41e754d6503e3f270c4f0a4e8f20ba
Instruction Fuzzy Hash: 7BE09A367046081FE318968E9C44F07BBEFFBC8665B24802AF50CC7364EEA0EC0186A0

Uniqueness

Uniqueness Score: -1.00%

Function 0171BF21 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60b615d63c93a5c6802f1d60b1ae74e2c40a6c70e0d99f747e6f1ce3e2597e72
Instruction ID: f340dc4319513fc700299ffb7569cb22fef2fae7ff6d7296cd41937a4d329ad8
Opcode Fuzzy Hash: 60b615d63c93a5c6802f1d60b1ae74e2c40a6c70e0d99f747e6f1ce3e2597e72
Instruction Fuzzy Hash: 87F0E5326045928FC716CF1CD450AAABF76DF82310B0A80BAE9459B217C732EC53CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0171216F Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452db2e061d2ae49fd6a824b6eaaae381f0cacfe2b012afbd9e5c8f3dbec9327
Instruction ID: 5120188e24a9feae3776c6495270fd38a327e3a5275cc7b548646a9acd5a3329
Opcode Fuzzy Hash: 452db2e061d2ae49fd6a824b6eaaae381f0cacfe2b012afbd9e5c8f3dbec9327
Instruction Fuzzy Hash: 73E04F303452449FD70A8F38D856EB73FB5EF46304F1240AAF909CB6B2D6698C19CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0171E5A8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05d23c8937df00c5c212ae55cddea387bd4670103ab0a42d656bc658fb839455
Instruction ID: 7532587f0f38fb799ae145bc53392a444f6ecb3ba350e0b68f6c5709b9349c1e
Opcode Fuzzy Hash: 05d23c8937df00c5c212ae55cddea387bd4670103ab0a42d656bc658fb839455
Instruction Fuzzy Hash: 62E09236245050AFC3088B1DE844DE67BADDFC96117140066F516C3221DE60DC5287B0

Uniqueness

Uniqueness Score: -1.00%

Function 01716A70 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3b7e2e71ce01674521ae721153d0fe7d4b0200ce8f677a63ab5490e77e8328c
Instruction ID: 9513e500df918df383b6335eaf6884235acd127297dc394b7a12e3862eea6101
Opcode Fuzzy Hash: c3b7e2e71ce01674521ae721153d0fe7d4b0200ce8f677a63ab5490e77e8328c
Instruction Fuzzy Hash: 14E0923131060917CA1C6A5EE84449B769AEBC4659704893CD12E8B344DE25EC0687D4

Uniqueness

Uniqueness Score: -1.00%

Function 017126B0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2ffe340d6ee51d1c21ef2e45504c9d4037484e8bd719adfc7fa5d5ec1c422b9
Instruction ID: 32fb701ef5159622e7b5956bf5b97c02b49190e957a043f439e2453bfba2e312
Opcode Fuzzy Hash: c2ffe340d6ee51d1c21ef2e45504c9d4037484e8bd719adfc7fa5d5ec1c422b9
Instruction Fuzzy Hash: 8CE048326142189FD719DAA9A4005DABBEDDB48261F10407AD51CD3640DA72DC418790

Uniqueness

Uniqueness Score: -1.00%

Function 06A6EED0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 894be43c979a4d8cb93af85d9232dd852c0a2fd87a523d515928eb31ef2edc91
Instruction ID: 2bee371dfec54327e6fb04fd0870e83c0bca5e7917882f9f00e4c0e37a6f3d80
Opcode Fuzzy Hash: 894be43c979a4d8cb93af85d9232dd852c0a2fd87a523d515928eb31ef2edc91
Instruction Fuzzy Hash: 60F0F875D14219DFD780EFAED445A9AB7F4FB08220F028065E528E7251D734AE40CFD1

Uniqueness

Uniqueness Score: -1.00%

Function 06A67F20 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f665bd3382dec14cc58e4f117c1e894d5fcfd351a2d93ecbc188d124fb72145
Instruction ID: 76ce0789a2df104f7cc5b18f8ae50eb9515689408a36b897b1781d4575707c15
Opcode Fuzzy Hash: 6f665bd3382dec14cc58e4f117c1e894d5fcfd351a2d93ecbc188d124fb72145
Instruction Fuzzy Hash: 14E02032F001146BC714969EA4047DEB7EBDBC5710F00C03AE509C7384DDB50D014BD4

Uniqueness

Uniqueness Score: -1.00%

Function 06A6F970 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73915405f9addf00ee0580e7821649c87b7a2bc8d467656874d7f6033ec4e0cd
Instruction ID: fcb31160ec33faf98ea32fdd288ad942ff4a0847c1912073eca63869dcece79f
Opcode Fuzzy Hash: 73915405f9addf00ee0580e7821649c87b7a2bc8d467656874d7f6033ec4e0cd
Instruction Fuzzy Hash: 5AE01532304200DF8B48BF7AE46847D76A7BB656083445869E2139B280CF3AEC429B95

Uniqueness

Uniqueness Score: -1.00%

Function 01719D48 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cbf78d8a345c37b537c6338440c1f28325cc0297852549222a2c8ee8f445cd7
Instruction ID: ecf46c099b3d5c24b33f741a52fcb4b12e07d75bf43beb7c9a778f7200e7b1a8
Opcode Fuzzy Hash: 9cbf78d8a345c37b537c6338440c1f28325cc0297852549222a2c8ee8f445cd7
Instruction Fuzzy Hash: 34E0DF72815344AFCB26CF748C114AEBBB89E0634871000EBD982C3192E6318A81CB51

Uniqueness

Uniqueness Score: -1.00%

Function 06A64550 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0a26c4c5424c79bcc7ddbf326d9677dd334d82e5f1fe0fd1a34158d90f165ea
Instruction ID: 21a51eda16f5627342ce325101a031985a5434b2931d03b6610284f537e67c63
Opcode Fuzzy Hash: d0a26c4c5424c79bcc7ddbf326d9677dd334d82e5f1fe0fd1a34158d90f165ea
Instruction Fuzzy Hash: D7E0923230064A4BC710AE1FE984C4BFB9AAFD4320310C939D11A87221CA70FC068694

Uniqueness

Uniqueness Score: -1.00%

Function 01719A21 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d57445f253634f7cb33a3efa4d18d4a124f2d7d9be835ef7d1c1f8fa333c2b3
Instruction ID: f4272c4bcf9f6a77ddab47fe5d478e4d4ba8e03bcbc66532253636494560eb78
Opcode Fuzzy Hash: 3d57445f253634f7cb33a3efa4d18d4a124f2d7d9be835ef7d1c1f8fa333c2b3
Instruction Fuzzy Hash: 87E06D35F001198BCF04DFA8D0642ECBBF3EF88218F148069DA15F3344EB3499068B95

Uniqueness

Uniqueness Score: -1.00%

Function 017121B8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83b652f840a0f1081466882d4369246b5bcd5d574d7f10a431b33a6dedaddcd2
Instruction ID: 40fa2710d2c59b58ff9ba0962a990316cc3dd7a87f12c23ef973c18fb2613284
Opcode Fuzzy Hash: 83b652f840a0f1081466882d4369246b5bcd5d574d7f10a431b33a6dedaddcd2
Instruction Fuzzy Hash: F5E086B545E3C15FCF230B74AC281997FB0AD1321531900EBD0E1CE0ABD6294446DB13

Uniqueness

Uniqueness Score: -1.00%

Function 0171F5C8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f53d90ce35f31b494516dfbcaa77403cef94c1a271e9336951a5a23b4b9b4da
Instruction ID: b1a5a0e6af8c5948182339df66ef2e39c10d7cf08ac66937748bd0eb0ca95d19
Opcode Fuzzy Hash: 3f53d90ce35f31b494516dfbcaa77403cef94c1a271e9336951a5a23b4b9b4da
Instruction Fuzzy Hash: DCE0CD303403115FD7127A7C4C00761B3955F85B20F3008E5D7095F388ED61F8018761

Uniqueness

Uniqueness Score: -1.00%

Function 0171A7E9 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07e892555d663d89c35dfb6a0e4b8adab09b043284839509112e150a6424bc8a
Instruction ID: 093d11256b00ee4773046e6a0b2d55ca1ee4afa0d4cb2d7440d5b4a02da217ef
Opcode Fuzzy Hash: 07e892555d663d89c35dfb6a0e4b8adab09b043284839509112e150a6424bc8a
Instruction Fuzzy Hash: 32E0D830A05388EFCB05DFB8E6006AD7FF5FB86304B1045EAD849E7201C6355E02DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0171AC38 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e2923d167a27790debf49511223521a8f7f6fdbc2d6c3f45bb2dee41e6df2e0
Instruction ID: 8904fc74b8c102d8e1e51e7717492f8ea3264707d8bb75810043fb6ef6f714d1
Opcode Fuzzy Hash: 3e2923d167a27790debf49511223521a8f7f6fdbc2d6c3f45bb2dee41e6df2e0
Instruction Fuzzy Hash: 3EE09270904388EFCB05DFB4D554BBD7BB2EB95204F5484EDC444AB201EA355E019B80

Uniqueness

Uniqueness Score: -1.00%

Function 01719D58 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33ad9aadb952383ddb59d876f012a8491ad74edf4dc2c83722439e9f7221a80f
Instruction ID: 4fbd8d99d7b885d050cac8c62c8333eecfeaf99670f5557ab0b62fd4da9ab341
Opcode Fuzzy Hash: 33ad9aadb952383ddb59d876f012a8491ad74edf4dc2c83722439e9f7221a80f
Instruction Fuzzy Hash: CBD01732A1120CEBCB14DEB499014AEB7ACDB49155B1005FA9E0AC3200EA32DA519B91

Uniqueness

Uniqueness Score: -1.00%

Function 01712180 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 443148d7692ca1548617a9fbb6edae68242e8c4d3ff4f60fbdf09f3448054ec3
Instruction ID: 88467e20f7240cf5aba944438a19dbb4d77f1ee759378f72fb9278f722df4589
Opcode Fuzzy Hash: 443148d7692ca1548617a9fbb6edae68242e8c4d3ff4f60fbdf09f3448054ec3
Instruction Fuzzy Hash: CAD013343441045FD308DE5DD555F7637D6FB48704F104058F5098F395CD65FC454656

Uniqueness

Uniqueness Score: -1.00%

Function 0171AC48 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b3999b3070afb6bdc87ccd5e87fb42b634a53f05b806386adc8c11a250aae26
Instruction ID: 2282d5ce44a3e20c8853e025c691bbd1a00f2ed84625fd090021e9ac841b1d83
Opcode Fuzzy Hash: 8b3999b3070afb6bdc87ccd5e87fb42b634a53f05b806386adc8c11a250aae26
Instruction Fuzzy Hash: 73E01270A0130CFBCB04DFB5D94176EB7B5FB84604F9084A9D514E7240EA36AE019B80

Uniqueness

Uniqueness Score: -1.00%

Function 0171A7F8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 519fe24f7a72dce4b79eeee7008ebfb64cbb9b455cf8ed4de0c17569ce51552b
Instruction ID: 2d84c70fd99b642c18fc2c55215c8bd801a64c7464c944c7d10a08ec0db1e0b8
Opcode Fuzzy Hash: 519fe24f7a72dce4b79eeee7008ebfb64cbb9b455cf8ed4de0c17569ce51552b
Instruction Fuzzy Hash: 21E01270A1120CEFCB04EFA8D54065D77F5FB84204F6084A8D819E3300DA35AE019B95

Uniqueness

Uniqueness Score: -1.00%

Function 06A65FB8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 716a9b8ceed8e5ee663b42b13e90aab754f1d76da93452d173702288b4caa889
Instruction ID: 2a8921e6349cc4de80c9a837deab8633f6d127105043ce4154481800e01c0557
Opcode Fuzzy Hash: 716a9b8ceed8e5ee663b42b13e90aab754f1d76da93452d173702288b4caa889
Instruction Fuzzy Hash: 1FD05B3570C7864FD722DB3E66501577FD36F955007444558E081C774ADA24F917CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06A63EF0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b5a874a2543e005b8131be4a444fea2b4f69cbc1e74e09073b1cb8102aebd42
Instruction ID: 4993df97b2e5b6af3d10e33e5e2a9d41006ef05b4b45a601c1f5a80442eae02a
Opcode Fuzzy Hash: 1b5a874a2543e005b8131be4a444fea2b4f69cbc1e74e09073b1cb8102aebd42
Instruction Fuzzy Hash: 8AD05B3530C6934FD762DF2EF4102573B92ABD53007088475D4D1CB616D720F9538B54

Uniqueness

Uniqueness Score: -1.00%

Function 06A6D293 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2413b0337ea3ecbfc7d04c8e8af992c83003d1a702c1da662a622204815038c
Instruction ID: 5149882200d5676b7e164a105f00d714c63eed9fdb7961c6b916d32b26e9434e
Opcode Fuzzy Hash: e2413b0337ea3ecbfc7d04c8e8af992c83003d1a702c1da662a622204815038c
Instruction Fuzzy Hash: 58D05E3A1492809FC2469B5488508A2BF26EF8A155718C4CBF06C8F252CB22D913E7A0

Uniqueness

Uniqueness Score: -1.00%

Function 01713C88 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ed22b01dd20e05526ca3306c572a3a78e85c204d61981b35a9659ec683aa62
Instruction ID: b9c1d2a696462e48475c2ad9e6dfea1664a360fcb70be8a41243944fa6fe502e
Opcode Fuzzy Hash: 86ed22b01dd20e05526ca3306c572a3a78e85c204d61981b35a9659ec683aa62
Instruction Fuzzy Hash: 2DB012313A460D0BEB60DBFE788876673CCA740628F4400F1F41CC1945F557E4E05280

Uniqueness

Uniqueness Score: -1.00%

Function 06A67CC0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9df8a6a4c690cd6aed11ce7051c70d365927774c34456bfafdd3df04a3d92723
Instruction ID: 6f1eaa9fbb81072d5074c6a3df2b69cb8784e4287499841b6b0d5d1358257296
Opcode Fuzzy Hash: 9df8a6a4c690cd6aed11ce7051c70d365927774c34456bfafdd3df04a3d92723
Instruction Fuzzy Hash: 72D012755541408FC341EB74D5448807BB19B6621931640D2E5458F232D6219C15C721

Uniqueness

Uniqueness Score: -1.00%

Function 06A6A302 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 127f7c46c50edad5c0d8fcacf3b38415237ad91643823cb67e8d8a936bd51ddd
Instruction ID: 5bc6f7ed13d8cdd415fa89915d9a3f58ef7455f1c188229b093e7400055ef1a7
Opcode Fuzzy Hash: 127f7c46c50edad5c0d8fcacf3b38415237ad91643823cb67e8d8a936bd51ddd
Instruction Fuzzy Hash: 4DD01236148294CFC302DF68E900E507F75EF1A214B1944D6E5844F233C2719564EB64

Uniqueness

Uniqueness Score: -1.00%

Function 0171F2C1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 723bfbb83424ced33043e7efa094e91252bbf575bb32c1a06523f01167e8cc55
Instruction ID: 18ed5f766b84fea961654f53ae8e37c8f66af17cc20f5f4e64fd25cea4fdb06a
Opcode Fuzzy Hash: 723bfbb83424ced33043e7efa094e91252bbf575bb32c1a06523f01167e8cc55
Instruction Fuzzy Hash: BAC08C2100D1C45FC2028710AC0DA067F219B10220F0400E4A0A05302283210820DA66

Uniqueness

Uniqueness Score: -1.00%

Function 06A6C3DA Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1fe28df7d8d9d340cfabfcd162c6607a28e5f7279183882486638533a8ea062
Instruction ID: e42d7237b55107e27a79d14109fb7c092eab6e709cd0b2fdf24222fadd0526be
Opcode Fuzzy Hash: f1fe28df7d8d9d340cfabfcd162c6607a28e5f7279183882486638533a8ea062
Instruction Fuzzy Hash: 79C08C3A000108BB83008B94E8008A1BF299B092007808020F218010028A32E853DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0171C0B0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b68bb30e32700637328301aa9442cc357673899d9c575507dd3e1d89e748ad
Instruction ID: 38e00731e3959f45b2eab43864f167a3d717f8e20731259799d781f34eb747b3
Opcode Fuzzy Hash: a4b68bb30e32700637328301aa9442cc357673899d9c575507dd3e1d89e748ad
Instruction Fuzzy Hash: 74C08C6080C2C28FCB068B61811C760BF60AB03204F0981EEC0DD09093C6514091C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 06A67CD0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Uniqueness

Uniqueness Score: -1.00%

Function 017121C8 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3556e1f512da9d843be33666691cbb1a91587caf0eae05227c74a57f20e66c4c
Instruction ID: 7e76461d262152c31586cc7a20edf67aba24c8d6e7b2a6ef67caf2ed49e5923b
Opcode Fuzzy Hash: 3556e1f512da9d843be33666691cbb1a91587caf0eae05227c74a57f20e66c4c
Instruction Fuzzy Hash: 58B092300201088FC6282BA5F80C0583B28EE006227800070F13A804999B2518808F55

Uniqueness

Uniqueness Score: -1.00%

Function 01719D03 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8529399a8df64b8709d6d7306e555d06fb7e67939f339d41adb027dd1e2ca2f
Instruction ID: 8dda9c1d6b4c2a2c4a760cbdc0e3e1c352111e6e3995fd374ae96ce1c13db97c
Opcode Fuzzy Hash: a8529399a8df64b8709d6d7306e555d06fb7e67939f339d41adb027dd1e2ca2f
Instruction Fuzzy Hash: F1B01237B20028A6CB10D7D8F8518DCF730EFD0332F000033D3005200047701639C690

Uniqueness

Uniqueness Score: -1.00%

Function 06A65FA3 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b75ea5c8d12a8ce2d9da2156d37b4e8d919a92c0b683a6df1bd33a346019a89
Instruction ID: 1dad4439d70cdce7abb282a33265bc5fe2e200aadc71f223f6f951cb828d9e8b
Opcode Fuzzy Hash: 2b75ea5c8d12a8ce2d9da2156d37b4e8d919a92c0b683a6df1bd33a346019a89
Instruction Fuzzy Hash: EFB0920020E7D02ED75337310C204976E3418432203CA83CAA1E1C90E386481A158672

Uniqueness

Uniqueness Score: -1.00%

Function 06A6C3E0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282583316.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c4e5d53068f1b81f7eabaaceccdf3723e8cf1f5d9d3bf5f802d7685e93af5d6
Instruction ID: 4ed6da10464256c716beae0a282588d1e7163ff8fe88a37a6b74cc17f5fcdf97
Opcode Fuzzy Hash: 2c4e5d53068f1b81f7eabaaceccdf3723e8cf1f5d9d3bf5f802d7685e93af5d6
Instruction Fuzzy Hash: B4B09232000208AB87049B84E8048A5BF69AB59600740C025F609061128B33F862DB94

Uniqueness

Uniqueness Score: -1.00%

Function 01714BD0 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3df78ff7807da9dfd6cc7903d00ca73c2fcb6b21c49e3529444914fe88921f3
Instruction ID: 9873f13fcdb19242b3b7d6827548976bbeaae0e8c7656b232c548c5e79c21314
Opcode Fuzzy Hash: a3df78ff7807da9dfd6cc7903d00ca73c2fcb6b21c49e3529444914fe88921f3
Instruction Fuzzy Hash: A6A002715100018BCE18DB50DA69414FB21BFC0301309C2A4D026456958B29AA80CF40

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 01713DD0 Relevance: 1.6, Strings: 1, Instructions: 303COMMON

Download Yara Rule

Strings

, xrefs: 01714046

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: aaf51c645f0ab51d66218c5e5b9e98f16baca6604007d35edd80a1bda2d1d48c
Instruction ID: bed7c0e63edbaa91c0494934092cc74bcdab4f71bcbf152069bc30ed23efab65
Opcode Fuzzy Hash: aaf51c645f0ab51d66218c5e5b9e98f16baca6604007d35edd80a1bda2d1d48c
Instruction Fuzzy Hash: A3A1DC31F0020A8FCB14DF6DD9804AEFBB2FB89221B19857AD619DB349D730AC558BD1

Uniqueness

Uniqueness Score: -1.00%

Function 01712ED1 Relevance: .4, Instructions: 387COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73a93975672ac1ebf9a813301542dead59ed4e13429b001b8c74bdeb7e4761da
Instruction ID: 03582389e886690d4470c0be7584a119d384d5a4b6d49646926fbe410cc8a2b2
Opcode Fuzzy Hash: 73a93975672ac1ebf9a813301542dead59ed4e13429b001b8c74bdeb7e4761da
Instruction Fuzzy Hash: AAF18F71E002698FCB15CF69C880AADFBF2BF89314F29C5A9D059AB256C7349D85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0171EB18 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab228c5331e905141f83c629e3c7ad106643f5f2f5d125ecc2f98f2058458f9
Instruction ID: 8ca4ea0b536042674477e4ee36a190b36abe7ff9d51fde90751e652a2c90338f
Opcode Fuzzy Hash: 6ab228c5331e905141f83c629e3c7ad106643f5f2f5d125ecc2f98f2058458f9
Instruction Fuzzy Hash: 67D12B35A005058FDB15DF6CC584AA9FBF2BF88710F69C499D905AB366CB31EC85CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01712FC8 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e679a92fbb51fb27497df9d029c08030799e8ab2043a23b59f1f5b7ffad265e3
Instruction ID: 6bdc97b255dd9a20bd9e636cb2e0f3372f90524449fb0eef893cbe4290d090d3
Opcode Fuzzy Hash: e679a92fbb51fb27497df9d029c08030799e8ab2043a23b59f1f5b7ffad265e3
Instruction Fuzzy Hash: 20914071E002199BDB15CF69C880AADF7B3BF84314F29C5A9D059AB349CB34AD85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 017139F1 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.282020744.0000000001710000.00000040.00000800.00020000.00000000.sdmp, Offset: 01710000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1710000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479bc6946c4250a8dede47c766674044388ddb8424125e5eb544796c9c6018a4
Instruction ID: edf5a1c4c86531a1195858343d6858292f19182992a0512996c178eab9525b7f
Opcode Fuzzy Hash: 479bc6946c4250a8dede47c766674044388ddb8424125e5eb544796c9c6018a4
Instruction Fuzzy Hash: 31613B32F205258BD754DB6DC890B5EB7A3BFC8720F2AC164E419AB359DE34ED018B90

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Turkiye_2023_order_hitado_pdf.exePID: 5208, Parent PID: 6452COMMON

Execution Graph

Execution Coverage:	11.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0.6%
Total number of Nodes:	492
Total number of Limit Nodes:	58

Executed Functions

Function 015E677C Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,00000000), ref: 015E721B

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: ff3ba27c702cacfddd68963cc1209d709f16a5f653d129cc8753d6d512cfec11
Instruction ID: a4b428845451bf7ab788bc597d98805272b5559366a5dc05af0eea2cff3ba792
Opcode Fuzzy Hash: ff3ba27c702cacfddd68963cc1209d709f16a5f653d129cc8753d6d512cfec11
Instruction Fuzzy Hash: 6651F271D002188FDB18CFA9D888B9DBBF1FF48310F14855AE819AB391D774A845CF95

Uniqueness

Uniqueness Score: -1.00%

Function 015E70D4 Relevance: 1.6, APIs: 1, Instructions: 136COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,00000000), ref: 015E721B

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 4d6c9b795ddf762bd918491d51b78073e8cc26e76dc0c2450dd22892c8c6825a
Instruction ID: d56c9a7831df1105961767ad37e6b770e575aaeefa0954e3f1316bb03036471d
Opcode Fuzzy Hash: 4d6c9b795ddf762bd918491d51b78073e8cc26e76dc0c2450dd22892c8c6825a
Instruction Fuzzy Hash: 7451F371D002188FDB18CFA9C888B9DBBF1FF48314F158569E819AB351D7749845CF95

Uniqueness

Uniqueness Score: -1.00%

Function 015E6B5C Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,00000000), ref: 015E721B

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 11e1a71ea9aace457af851a049d644f20f2d91cac658c4618ca5b8574809173d
Instruction ID: 29c6230e233f658e4bdae2e725eb027e65c5f085cac743c337c8a774c8b1db3b
Opcode Fuzzy Hash: 11e1a71ea9aace457af851a049d644f20f2d91cac658c4618ca5b8574809173d
Instruction Fuzzy Hash: 2751F270D002188FDB18CFA9C888B9DBBF1FF48310F148559E819AB351D774A845CF95

Uniqueness

Uniqueness Score: -1.00%

Function 06C5BD0C Relevance: 1.6, APIs: 1, Instructions: 114COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06C5BE2A

Memory Dump Source

Source File: 00000004.00000002.478101810.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c50000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 376938f27ffb19f55a50a6d699e3abc889152d1d69da2c682b50e7e0158a9534
Instruction ID: 2596dd85d5e2ba11c90f24c8f94fcb405dd2f51e31748d62ad430fbb6f3c0924
Opcode Fuzzy Hash: 376938f27ffb19f55a50a6d699e3abc889152d1d69da2c682b50e7e0158a9534
Instruction Fuzzy Hash: 0751EFB1C00309DFDB14CFA9C994ADEBFB5BF88310F25856AE818AB210D7749985CF94

Uniqueness

Uniqueness Score: -1.00%

Function 06C5BD18 Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06C5BE2A

Memory Dump Source

Source File: 00000004.00000002.478101810.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c50000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 2245675ea40d379d696f3a74732a15407bc0250477bcfccd75378baa1218e5da
Instruction ID: 67fd56bfc1b8d01e87bbc9bfed64471176c35835bca99d0c0ad358bd9daad135
Opcode Fuzzy Hash: 2245675ea40d379d696f3a74732a15407bc0250477bcfccd75378baa1218e5da
Instruction Fuzzy Hash: C641B0B1D003099FDB14CF9AD894ADEBFB5FF88350F25852AE818AB210D7749985CF94

Uniqueness

Uniqueness Score: -1.00%

Function 015EF2F0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 015EF3B1

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 65ff5b3d1c55509b193e064811839d9c50ea65ff8a9183fa5832ab3cf749b800
Instruction ID: e36baeba382efb7371425db6e7ebacc80e1ddd475e825da572400a996f89bd3a
Opcode Fuzzy Hash: 65ff5b3d1c55509b193e064811839d9c50ea65ff8a9183fa5832ab3cf749b800
Instruction Fuzzy Hash: 3B4118B5900349DFDB14CF99C848AAEBBF5FF88314F258499D419AB321D774A941CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 015EF160 Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 015EFD10

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 6fa75bc09b8dde037b92a71ba092df5169196f08becb3968e961e80b49705ab6
Instruction ID: 8489604389c40e5e6feb9be66a27b2be9b16879968d9efa40641f5dfd4cc0652
Opcode Fuzzy Hash: 6fa75bc09b8dde037b92a71ba092df5169196f08becb3968e961e80b49705ab6
Instruction Fuzzy Hash: A53102B0D01248DFDB18DF99D988B9DBFF4BB48314F24805AE404BB290DBB5A885CB95

Uniqueness

Uniqueness Score: -1.00%

Function 015EFC7C Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 015EFD10

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 1ef10a2882df6d24642bee142468377d47976adce685ba8eb62e57394feabac9
Instruction ID: 8d3f03431c5688d59674260aedf2dcba49c8e91055d400528df8390eedecfca5
Opcode Fuzzy Hash: 1ef10a2882df6d24642bee142468377d47976adce685ba8eb62e57394feabac9
Instruction Fuzzy Hash: F43104B0D01248DFDB14CF99D988BCDBFF5BB48314F24805AE004BB290DB755885CB55

Uniqueness

Uniqueness Score: -1.00%

Function 06C390E0 Relevance: 1.6, APIs: 1, Instructions: 73libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,06C390C1,00000800), ref: 06C39152

Memory Dump Source

Source File: 00000004.00000002.478071446.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c30000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8f7fa41d4d13b18f0d7cdba0ebc50f70f8a2ebaa4a7a79bcffc283732560b82c
Instruction ID: e2bde51cf84bad15d0f761999278704df61cc16abfa8e83ee3635b8cca34c82b
Opcode Fuzzy Hash: 8f7fa41d4d13b18f0d7cdba0ebc50f70f8a2ebaa4a7a79bcffc283732560b82c
Instruction Fuzzy Hash: 9721ABB6D043888FCB10CFAAD844ADEBFF8EB89360F14846ED458A7240D3749549CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 06C5F960 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06C5F9EF

Memory Dump Source

Source File: 00000004.00000002.478101810.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c50000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ae27764e50418490caa8f15937b39b57e583d33962753ba18042fd3ed2ab0b7f
Instruction ID: e9e62bc801c53eb3d217e9b53e48cd3799834b147be31c9ea15cfce76c7013d1
Opcode Fuzzy Hash: ae27764e50418490caa8f15937b39b57e583d33962753ba18042fd3ed2ab0b7f
Instruction Fuzzy Hash: 1321E9B5D002499FDB10CFA9D984ADEBFF5FB48310F25841AE858A3350D3749994CF65

Uniqueness

Uniqueness Score: -1.00%

Function 06C5F968 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06C5F9EF

Memory Dump Source

Source File: 00000004.00000002.478101810.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c50000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 676e9b2c9c013ace6182c3d692b043033f551470a2edec7add83d61ba6cdc48e
Instruction ID: feb19d8d39e4450d500471c81f16ec6d7b2084963215560c2554e3fbc920a96b
Opcode Fuzzy Hash: 676e9b2c9c013ace6182c3d692b043033f551470a2edec7add83d61ba6cdc48e
Instruction Fuzzy Hash: E521E6B59002489FDB10CF9AD984ADEBBF8EB48320F15841AE814A3310D374A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06C31CE0 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

SetWindowsHookExA.USER32(?,00000000,?,?), ref: 06C31D63

Memory Dump Source

Source File: 00000004.00000002.478071446.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c30000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: cbf2b7972d56300f08da69938a52a88dee1442eb5c5327e1d399d386e5cad070
Instruction ID: 646f808cdb9e5f4849e08e160db77f8b013c7f73fd42a93e44ca7865b084d126
Opcode Fuzzy Hash: cbf2b7972d56300f08da69938a52a88dee1442eb5c5327e1d399d386e5cad070
Instruction Fuzzy Hash: 522127B5D00209CFCB54CF99D944BEEBBF5EB88324F24841AD419A7250C774A945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06C31CE8 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

SetWindowsHookExA.USER32(?,00000000,?,?), ref: 06C31D63

Memory Dump Source

Source File: 00000004.00000002.478071446.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c30000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 1cafca5ac9f21a0fbfe85d3cac66c896921059bad2bbe6843f1ceeffc9890423
Instruction ID: 73d4180453a0f39ead2c67092b8c20840656b2e7bdd183203d27af0f8dbee0f5
Opcode Fuzzy Hash: 1cafca5ac9f21a0fbfe85d3cac66c896921059bad2bbe6843f1ceeffc9890423
Instruction Fuzzy Hash: C92124B5D002099FCB54CF9AC944BEEFBF5EB88320F14842AD419A7250C774A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06C37E78 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,06C390C1,00000800), ref: 06C39152

Memory Dump Source

Source File: 00000004.00000002.478071446.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c30000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 28847926de69c12c580deda311e8e1539d9ea8d8856ae89dd89c3e39549a0406
Instruction ID: ef2f94ebe999a7ba395e8524c7972187b9680bb4cf7c583b3e3cb42ad6054625
Opcode Fuzzy Hash: 28847926de69c12c580deda311e8e1539d9ea8d8856ae89dd89c3e39549a0406
Instruction Fuzzy Hash: 101108B1C002088FCB10CF9AC444ADEBBF8EB48314F10841AD419B7200D3B4A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 015EF03D Relevance: 1.6, APIs: 1, Instructions: 51comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 015EFB95

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 50130bb464b67f5e3a43d09d614e4efbc554a79124317fc03826d733e144a49f
Instruction ID: ef10efd8caec748a3097a661b2f7d864b206347b6a3fe46525994934e7def5dc
Opcode Fuzzy Hash: 50130bb464b67f5e3a43d09d614e4efbc554a79124317fc03826d733e144a49f
Instruction Fuzzy Hash: 611146B0C047488FCB10DF9AC448BDEBFF8EB49324F24885AD458A7600D374A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 06C59060 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 06C5ACD6

Memory Dump Source

Source File: 00000004.00000002.478101810.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c50000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: fb2f59813effe4ac793c93ef34d28811ddc3f5086b954f167309958cabd977c4
Instruction ID: 7c2eb631da2a2c332b18fb9d504c778f62edb1afd81e9e1618cbcd55ba4179b7
Opcode Fuzzy Hash: fb2f59813effe4ac793c93ef34d28811ddc3f5086b954f167309958cabd977c4
Instruction Fuzzy Hash: C51104B1C006498FDB10DF9AC944ADEFBF4EB89324F11855AD819B7200D375A585CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06C5AC68 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 06C5ACD6

Memory Dump Source

Source File: 00000004.00000002.478101810.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c50000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: e3fe20c461b129625ff899b8a0f9e7a041f73f7548c53165eb3af80d0d6b284f
Instruction ID: 5fd49d90f3a370eeb4edbeb81e93a45e79bc8bf8ef44b0397a16a009cd84b241
Opcode Fuzzy Hash: e3fe20c461b129625ff899b8a0f9e7a041f73f7548c53165eb3af80d0d6b284f
Instruction Fuzzy Hash: 9A1134B6C002098FCB10DF9AC9446DEFBF4AF48320F21851AC428B3650C379A185CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 015EF04C Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 015EFB95

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 2b07abc79e7b9db2387ece241247fad6ec743451ea12296e93b8b9d748d156e2
Instruction ID: 665ff48d066b8202c6c2f1eb90214dc9938f50de4fba4bfa59c33bda9e6a4228
Opcode Fuzzy Hash: 2b07abc79e7b9db2387ece241247fad6ec743451ea12296e93b8b9d748d156e2
Instruction Fuzzy Hash: 6311D3B1D006488FDB10DF9AD548B9EBFF8EB49364F24885AD518B7300D778A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 015EEE14 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,015EF605), ref: 015EF68F

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 99663e280d34ff7cbceb240ec4726f95fc097df9081895300bf8f2daa3b06542
Instruction ID: 29a912bf48d95842bfc49f8d753bb1327bed9397d5871f336549eaa111786442
Opcode Fuzzy Hash: 99663e280d34ff7cbceb240ec4726f95fc097df9081895300bf8f2daa3b06542
Instruction Fuzzy Hash: EA1103B1C006498FCB10DF9AD588B9EBBF8EB89324F20885AD519B7250D774A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 015EFB39 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 015EFB95

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: f1d7848e8b2622adf43eadca889d03d1edf3604250867ba257b5e68cd7e1bf6d
Instruction ID: d903008a073da0c12bc771b16f03522a1f028b467bc185af4cd11f7fd90bb81a
Opcode Fuzzy Hash: f1d7848e8b2622adf43eadca889d03d1edf3604250867ba257b5e68cd7e1bf6d
Instruction Fuzzy Hash: 511118B1C006498FCB10CF99D548BDEBBF8EB48364F24885AD418B7300D374A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 015EF628 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,015EF605), ref: 015EF68F

Memory Dump Source

Source File: 00000004.00000002.477150520.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_15e0000_Turkiye_2023_order_hitado_pdf.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: bdf3a0853ed6a10569984cb96228b47ccfa6e0ad8ae8bfef748268ca697d190f
Instruction ID: ec0ba42ffc054caf42141c155d9e31d50a75072fddf8f01aa0cbd61e1159600f
Opcode Fuzzy Hash: bdf3a0853ed6a10569984cb96228b47ccfa6e0ad8ae8bfef748268ca697d190f
Instruction Fuzzy Hash: B51133B1C006088FCB10CF9AD548B9EBBF4EB48324F24881AD418B7310C378A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Turkiye_2023_order_hitado_pdf.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Turkiye_2023_order_hitado_pdf.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
Turkiye_2023_order_hitado_pdf.exe

Function 061E0B22 Relevance: 3.1, APIs: 2, Instructions: 91
memorythreadinjectionCOMMON

Function 017123A8 Relevance: 2.6, Strings: 2, Instructions: 102
COMMON

Function 061E0D86 Relevance: 1.7, APIs: 1, Instructions: 249
processCOMMON

Function 061E0D90 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 06A62F10 Relevance: 1.6, Strings: 1, Instructions: 344
COMMON

Function 061E0A48 Relevance: 1.6, APIs: 1, Instructions: 84
threadinjectionCOMMON

Function 061E11C8 Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Function 061E0BE0 Relevance: 1.6, APIs: 1, Instructions: 71
injectionCOMMON

Function 061E0BE8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 061E0A50 Relevance: 1.6, APIs: 1, Instructions: 63
threadinjectionCOMMON

Function 061E11D0 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Function 061E0B28 Relevance: 1.6, APIs: 1, Instructions: 53
memoryCOMMON

Function 061E099A Relevance: 1.6, APIs: 1, Instructions: 50
threadCOMMON

Function 061E09A0 Relevance: 1.5, APIs: 1, Instructions: 49
threadCOMMON

Function 06A684E0 Relevance: 1.4, Strings: 1, Instructions: 103
COMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre