Windows Analysis Report
Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe

Overview

General Information

Sample name: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Analysis ID: 1466644
MD5: 0a4b0ad0f1b172acacb64b09cf6e4277
SHA1: 4d9861a209f9a4f0eae42b5d4290a9f1079fbeb3
SHA256: 6e96f02123bda97a2255ac99a19e72e477237ecfd69755dc042f243affd34af4
Tags: exegeoTUR
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Virustotal: Detection: 31% Perma Link
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe ReversingLabs: Detection: 21%
Yara detected FormBook
Source: Yara match File source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000B.00000002.3851020084.0000000005020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1608845942.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3845669243.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1607201928.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3848068617.0000000000D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3847970736.0000000000D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1608954398.0000000001720000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.3848399247.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: unregmp2.pdb source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607512166.0000000000F28000.00000004.00000020.00020000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000002.3847213941.0000000001318000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000000.1533882068.00000000004EE000.00000002.00000001.01000000.0000000C.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000000.1676641682.00000000004EE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607976712.0000000001390000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000003.1609720610.0000000004350000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000003.1607430184.0000000000C1A000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3848341578.0000000004500000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3848341578.000000000469E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607976712.0000000001390000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, unregmp2.exe, 00000007.00000003.1609720610.0000000004350000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000003.1607430184.0000000000C1A000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3848341578.0000000004500000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3848341578.000000000469E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: unregmp2.pdbGCTL source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607512166.0000000000F28000.00000004.00000020.00020000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000002.3847213941.0000000001318000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0042BE00 FindFirstFileW,FindNextFileW,FindClose, 7_2_0042BE00
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 4x nop then jmp 06C38733h 0_2_06C37E92
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 4x nop then xor eax, eax 7_2_004197B0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 4x nop then pop edi 7_2_0041E09E
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 4x nop then mov ebx, 00000004h 7_2_0435053E

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61426 -> 23.111.180.146:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61430 -> 103.197.25.241:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61431 -> 103.197.25.241:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61433 -> 103.197.25.241:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61434 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61435 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61437 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61438 -> 212.227.172.254:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61439 -> 212.227.172.254:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61441 -> 212.227.172.254:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61442 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61443 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61445 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61446 -> 109.95.158.122:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61447 -> 109.95.158.122:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61449 -> 109.95.158.122:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61450 -> 203.161.49.220:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61451 -> 203.161.49.220:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61453 -> 203.161.49.220:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61454 -> 35.227.248.111:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61455 -> 35.227.248.111:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61457 -> 35.227.248.111:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61458 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61459 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61461 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61462 -> 47.239.13.172:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61463 -> 47.239.13.172:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61465 -> 47.239.13.172:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61466 -> 208.91.197.27:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61467 -> 208.91.197.27:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.8:61469 -> 208.91.197.27:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61470 -> 66.235.200.146:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.8:61471 -> 66.235.200.146:80
Performs DNS queries to domains with low reputation
Source: DNS query: www.evertudy.xyz
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 66.235.200.146 66.235.200.146
Source: Joe Sandbox View IP Address: 23.111.180.146 23.111.180.146
Source: Joe Sandbox View IP Address: 103.197.25.241 103.197.25.241
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View ASN Name: HVC-ASUS HVC-ASUS
Source: Joe Sandbox View ASN Name: CLOUDIE-AS-APCloudieLimitedHK CLOUDIE-AS-APCloudieLimitedHK
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /vpfr/?eZ=3HYLM&iJiX_=YJOYlkuNdHbUbxIU0duDsGwGBWmXVvvP+a5ZIsJaJ66fRzvfH4BZf/UT7tP0StNW9dLVB8Be+XMnEr4f4IOQp0lsgtKVk15wNPoNEOoMMjyN3LU6dxhHI1FgmxIsamdstg== HTTP/1.1Host: www.highwavesmarine.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /vfca/?iJiX_=PjuNaM4rErgNDqYdGwCHqm/mvS3xhxVRtMFmVQvGZApPshrl2us8sSNvZzeSfqXaMpgL6dVjOwb89B84ObwJyCFsntjSnqpwzP+jY6yNjY7ViduojwQX6Un4yLfzesgT7A==&eZ=3HYLM HTTP/1.1Host: www.dxgsf.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /gvk0/?eZ=3HYLM&iJiX_=PBk/k+wnSgDApBLvvStJ1Qfqn2+N7jbU3UJKISJwHJXOTy3qrqzF3aeAlE7aotAu8uhq4eiBm9zMPuEZ1b+PYRv9+O/t9WvMGJPSRuXiPeF8kiiDoShqgPK5SBbSxKLjpw== HTTP/1.1Host: www.dennisrosenberg.studioAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /4ksh/?eZ=3HYLM&iJiX_=URmoC5X4e6K7wlVx2KbqE9eRaPOmGfPMOnoqB8M3F0zECWK+Sf67ndIbG8DedkN4mAzPYnwe388RaOdlDVpfZlnLf1iW05ccEvRvL6OrWq1JPJo5l6rk1ZbisRWcHyTHqg== HTTP/1.1Host: www.ennerdaledevcons.co.ukAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /9285/?eZ=3HYLM&iJiX_=z4MROtYNL8tsqryqYVwhIRiC1K/sXlb0hIiORiEdpZxgXp9iqAKh/lqcbyO1AV4s7Ir6nuLseD1viLy4mDmuToN1NFxkjKaOlloDdIBhV0y8LTNSISuvKrOWF9neSWjDzw== HTTP/1.1Host: www.artemhypnotherapy.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /prg5/?eZ=3HYLM&iJiX_=OUWlBSduFOmbWHHx1+vrCN7lKThtnpeA9WltEIwOsC9+Rnf1YsqGBMTu+SXEa1SqJjg2e+xS43eh4+WwnjHBew+mwyIGh8NWq3ehH5OgTP/98tgqTRgcUpqrv79RN6be7A== HTTP/1.1Host: www.mocar.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /csr7/?iJiX_=IuYwVr8nXepE7mYHSf+gGVghE+QsK0Y2QdUzXudSXEAptekBSDag4n7LIWAgnje27+AV9TSqmFigDMavfH+dBRmaO8GFftFICNQKrDMfpUc2J19e4FsCw3tJmkJ0eBlHLQ==&eZ=3HYLM HTTP/1.1Host: www.evertudy.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /qmv1/?eZ=3HYLM&iJiX_=70iXdBj3vvgYA1qv9X+C2v5f15BZXYNXgOSbaBLZsvX+/zBEWaSfpSSmWx4BVFALB6Pvk4Cj2RW76gyU8dG7duzMF8qcwSy0or9MU4FAt6yJL5XTwcCyhmcdeorymiKmWQ== HTTP/1.1Host: www.luo918.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /dmjt/?iJiX_=phzqshWM8++lNTZcZDn6PlPBsxjNAhN5IKmoEk/tfOScWWQLgCWtTff73plV+RjstliAOCijSwUPjuCIutjnEtY8cBV1InP23K1rvoSk7X1+smLn8qttMRFZOf+8GJ/nwg==&eZ=3HYLM HTTP/1.1Host: www.fungusbus.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /2dv8/?iJiX_=psGgeTZm92uMMjwvw3+ekktQKHQr8PtkyzA1wjnO7+NPXjQAxvdC6xrXVCGmGkxqQ5F0SN4BIMC+q/QNsQX29b0eHgxHefEnuc0ogV2nM4gi2K3554lDMjGRktsI1JKBOA==&eZ=3HYLM HTTP/1.1Host: www.qe1jqiste.sbsAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic HTTP traffic detected: GET /n12h/?eZ=3HYLM&iJiX_=RL7POCi4RQwOAHw5RpRi0oRkNrFJHCE4O3Q4e5XJ1RgvJteO2OLpaAwWvE/Xee8N43HhgIeZk31xLdwZ5MBNiQ0n2zDakMpJnzyHioqcCYotdW6+iH3FtmEZOQT5Ykxdbw== HTTP/1.1Host: www.thesprinklesontop.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Source: global traffic DNS traffic detected: DNS query: 56.126.166.20.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: www.highwavesmarine.com
Source: global traffic DNS traffic detected: DNS query: www.dxgsf.shop
Source: global traffic DNS traffic detected: DNS query: www.dennisrosenberg.studio
Source: global traffic DNS traffic detected: DNS query: www.shoplifestylebrand.com
Source: global traffic DNS traffic detected: DNS query: www.ennerdaledevcons.co.uk
Source: global traffic DNS traffic detected: DNS query: www.neworldelectronic.com
Source: global traffic DNS traffic detected: DNS query: www.artemhypnotherapy.com
Source: global traffic DNS traffic detected: DNS query: www.todosneaker.com
Source: global traffic DNS traffic detected: DNS query: www.mocar.pro
Source: global traffic DNS traffic detected: DNS query: www.evertudy.xyz
Source: global traffic DNS traffic detected: DNS query: www.luo918.com
Source: global traffic DNS traffic detected: DNS query: www.fungusbus.com
Source: global traffic DNS traffic detected: DNS query: www.newzionocala.com
Source: global traffic DNS traffic detected: DNS query: www.qe1jqiste.sbs
Source: global traffic DNS traffic detected: DNS query: www.thesprinklesontop.com
Source: global traffic DNS traffic detected: DNS query: www.stefanogaus.com
Source: unknown HTTP traffic detected: POST /vfca/ HTTP/1.1Host: www.dxgsf.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brConnection: closeCache-Control: max-age=0Content-Length: 206Content-Type: application/x-www-form-urlencodedOrigin: http://www.dxgsf.shopReferer: http://www.dxgsf.shop/vfca/User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0Data Raw: 69 4a 69 58 5f 3d 43 68 47 74 5a 36 31 72 50 4e 67 64 52 4c 63 4d 50 54 47 42 7a 6e 54 31 69 78 6e 6e 37 54 56 41 72 49 46 41 4c 69 6e 66 56 53 52 71 79 45 72 41 67 5a 51 49 35 78 4e 30 52 46 53 77 52 70 4b 48 5a 2f 46 42 39 2f 42 49 48 6d 65 6a 72 58 30 77 4d 35 52 73 35 52 31 63 67 4e 37 70 72 71 74 69 7a 2b 6d 6b 62 74 54 50 75 4a 50 51 73 75 79 4a 67 30 34 52 34 78 43 50 35 62 4f 70 65 74 46 36 34 6b 37 47 72 42 47 33 6d 65 37 61 58 65 48 52 50 44 4e 77 59 73 48 33 39 6b 61 4c 6f 39 76 6a 37 41 76 77 43 45 76 2f 56 76 58 73 59 59 48 7a 6f 64 2b 63 78 67 76 57 62 37 32 68 53 30 49 64 71 34 2f 6d 66 54 4d 3d Data Ascii: iJiX_=ChGtZ61rPNgdRLcMPTGBznT1ixnn7TVArIFALinfVSRqyErAgZQI5xN0RFSwRpKHZ/FB9/BIHmejrX0wM5Rs5R1cgN7prqtiz+mkbtTPuJPQsuyJg04R4xCP5bOpetF64k7GrBG3me7aXeHRPDNwYsH39kaLo9vj7AvwCEv/VvXsYYHzod+cxgvWb72hS0Idq4/mfTM=
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:33:41 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 30 0d 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10File not found.0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-litespeed-tag: 39e_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://mocar.pro/wp-json/>; rel="https://api.w.org/"x-et-api-version: v1x-et-api-root: https://mocar.pro/wp-json/tribe/tickets/v1/x-et-api-origin: https://mocar.prox-tec-api-version: v1x-tec-api-root: https://mocar.pro/wp-json/tribe/events/v1/x-tec-api-origin: https://mocar.prox-litespeed-cache-control: no-cachetransfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Wed, 03 Jul 2024 06:35:42 GMTserver: LiteSpeedData Raw: 32 33 63 64 0d 0a f4 ff 1b 22 aa 6a 3d 14 51 d1 ea e1 88 d4 ac 1e 00 8d 94 85 f3 f7 8f d0 e1 73 de 97 99 66 6f eb f3 82 90 2a 0a 88 41 90 92 cf a2 82 39 ae 93 ae 14 44 36 29 d8 20 c0 00 ad cb 1c 26 d9 7d ff f3 b7 4c eb cf c9 e5 44 c5 b3 c4 3d 3c 45 a0 c5 b6 3c cb 96 dc fe da c7 bf a8 9e e0 49 62 82 80 06 64 cb ed ca 5f fb 55 96 0f b0 b1 11 96 d9 c5 45 a5 3c b0 ea d7 dd 62 e0 8b 03 a4 c9 ee 1d bf ee d7 30 b0 33 cb 78 77 b3 7b 04 ac 42 20 23 a3 81 58 01 1b 31 f2 ce c8 b8 c8 08 21 e3 ff b7 d6 a7 30 11 2a c2 46 e9 58 55 af aa 02 f3 43 88 0f aa aa 3f ce 0f 01 f9 3d ab f6 c4 45 8a ac 0a 91 34 dd b7 82 d3 61 9c 0d ab 25 f0 2e ec b3 0c a7 53 b9 94 18 41 d3 7f 05 fa 18 aa fd 2f 0a 08 4a 13 c1 d4 cd 64 a8 d9 7c 77 66 07 76 6c 0e 81 10 5b f0 ba 5f f2 4d fe 58 63 67 7b af ba 78 45 7b 9b be 7b f5 19 07 b5 a5 c5 59 ab b5 0e 11 50 d1 25 bf 4b b7 3c 4e 77 a0 68 54 89 a3 c2 88 65 a8 27 28 c6 45 04 59 cc fb 34 69 ac b4 05 35 a7 f4 fe 59 e3 6e 48 00 ab 68 1f 7c 63 2c fc a9 e2 38 62 91 65 6d d7 b7 d2 87 36 db 37 2e 9b 23 fe 4e d0 a0 85 3b 1f 31 78 a7 89 33 40 6e 7d 44 fd df ff 35 b9 75 da c2 ad f1 4e 93 e4 b7 cb c5 7c be 24 af 7d a5 83 ec 83 6f fc 4c fd 53 d3 2c b3 e0 57 1e e3 4c f8 2a 33 e7 07 dd 3f 54 10 e7 db 8a cb 9a 91 ec ce 44 d6 ac 59 ed 62 3a 58 fb c1 58 ad 67 02 0f 9d 65 59 c7 49 87 52 00 1a 0a 4b 5b 69 34 de 65 a1 21 e5 0d 48 0b 6f ef 2d 79 a9 9d fe ef ff e4 96 ec 7a 13 75 67 54 24 79 ff 37 66 0d 40 9d 51 09 d6 ff 8d ef c0 a1 0e b7 62 88 28 e7 42 9e b1 08 7b cc 62 aa e9 7b 7d 9a 87 da 92 27 00 35 f7 e3 d8 1d 6a 1d 6e c1 19 9d dd 35 95 b6 6a 2e 41 34 36 be 50 ec ce 64 1c fc 4f f0 cf 5d 0f 9d bf 36 1f 01 d1 b8 36 12 45 06 ba d2 11 3e 07 4b 0b 5f ed b4 cc ca 2c ca 9d Data Ascii: 23cd"j=Qsfo*A9D6) &}LD=<E<Ibd_UE<b03xw{B #X1!0*FXUC?=E4a%.SA/Jd|wfvl[_MXcg{xE{{YP%K<NwhTe'(EY4i5YnHh|c,8bem67.#N;1x3@n}D5uN|$}oLS,WL*3?TDYb:XXgeYIRK[i4e!Ho-yzugT$y7f@Qb(B{b{}'5jn5j.A46PdO]66E>K_,
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:35:51 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:35:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:35:56 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:35:58 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:37:11 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateVary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICSet-Cookie: _cfuvid=HzA0L_VG2BvUmxqqNGFNalJCgeYumQ6ur4ZeQLs2dC8-1719988631107-0.0.1.1-604800000; path=/; domain=.www.stefanogaus.com; HttpOnlyServer: cloudflareCF-RAY: 89d4dd8f0c2543a6-EWRContent-Encoding: gzipData Raw: 34 39 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a4 56 db 8e db 36 10 7d f6 7e c5 44 41 f3 50 94 a6 bd 49 8a 42 2b 7b 91 b4 45 5a a0 97 00 db 22 e8 d3 82 12 c7 12 b3 14 47 25 29 cb 4e 91 7f 2f 28 52 5e 6d 76 13 20 89 5f 64 0d e7 76 e6 0c 8f 5d 3c fa e9 cf 1f ff fa e7 f5 cf d0 f8 56 6f cf 8a f0 00 2d 4c bd c9 d0 b0 bf af b2 ed d9 a2 68 50 c8 ed d9 62 51 b4 e8 05 18 d1 e2 26 db 2b 1c 3a b2 3e 83 8a 8c 47 e3 37 d9 a0 a4 6f 36 12 f7 aa 42 36 be 64 1f 46 59 2a c9 bb 59 8c 21 65 24 1e be 03 43 3b d2 9a 86 0c f8 18 e4 95 d7 b8 bd f2 b8 13 86 e0 95 e8 1d 3c 69 a5 70 cd 05 fc 48 ad 32 35 5c 11 99 82 47 bf 10 e1 2a ab 3a 0f ce 56 9b ac f1 be cb 39 77 31 bc 16 bd 5b 56 d4 f2 a1 63 ca 54 ba 97 e8 f8 5b c7 df fe db a3 3d a6 c7 f2 ad cb b6 05 8f 59 62 42 7f d4 08 fe d8 e1 26 f3 78 f0 bc 72 2e db 7e 0b ff 9d 01 00 94 74 60 4e bd 53 a6 ce a1 24 2b d1 b2 92 0e 17 e3 19 6b e9 1d fb a4 c3 80 e5 8d f2 1f f5 79 7f 76 56 92 3c 4e a5 44 75 53 5b ea 8d 64 15 69 b2 39 0c 8d f2 18 53 25 4b a9 45 75 13 2d b4 47 bb d3 34 b0 43 0e 8d 92 12 4d b4 b7 c2 d6 ca e4 b0 1a f3 3f 1e ac e8 52 01 a1 55 6d 98 f2 d8 ba 1c 2a 34 1e 6d 0c 91 ca 75 5a 1c 73 d8 69 4c ad bf ed 9d 57 bb 23 4b 14 de f5 6f 95 61 0d aa ba f1 39 ac 57 ab 7d 33 96 5a 26 df 54 2d e4 ca 61 7d b7 29 d1 7b 82 e7 df 44 63 27 a4 1c 67 b2 8a ef 61 fa 6c 6c f2 83 72 e2 10 17 2d 87 67 e7 ab 2e 0e 6e 47 e4 d1 a6 5a e9 74 bd 5a 4d a9 c9 29 af c8 e4 b0 53 07 94 17 89 4b ef a9 3d 95 d3 b8 f3 d3 98 52 b6 69 52 0f 75 12 10 96 de dc 23 eb 0e 29 33 0e 55 2b 6a cc c1 90 c1 a9 7c 60 3e 87 75 77 00 47 5a c9 3b 81 61 45 1a 21 69 98 87 3c b0 07 bd 75 c1 d4 91 7a 80 3f 65 b4 32 c8 4a 4d 53 de 1d 19 1f 76 0f 73 58 3f eb 0e 33 e3 90 08 7c b6 9a e6 11 42 4f b4 2e 9f cf 99 63 9e ba 30 df 29 c3 89 ba ef bb 03 3c 3d 99 3f c6 e0 68 97 58 91 15 91 95 5b 88 9e fa aa 61 a2 8a f6 56 18 Data Ascii: 494V6}~DAPIB+{EZ"G%)N/(R^mv _dv]<Vo-LhPbQ&+:>G7o6B6dFY*Y!e$C;<ipH25\G*:V9w1[VcT[=YbB&xr.~t`NS$+kyvV<NDuS[di9S%KEu-G4CM?RUm*4muZsiLW#Koa9W}3Z&T-a}){Dc'gallr-g.nGZtZM)SK=RiRu#)3U+j|`>uwGZ;aE!i<uz?
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:37:14 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateVary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICSet-Cookie: _cfuvid=7vZ0TPxp2dfdC1QikTRwrnCZPtzWQi9yVN2T0156zi4-1719988634359-0.0.1.1-604800000; path=/; domain=.www.stefanogaus.com; HttpOnlyServer: cloudflareCF-RAY: 89d4dda3598a19d7-EWRContent-Encoding: gzipData Raw: 34 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a4 56 db 8e db 36 10 7d f6 7e c5 44 41 f3 50 94 a6 bd 49 8a 42 2b 7b 91 b4 45 5a a0 97 00 db 22 e8 d3 82 12 c7 12 b3 14 47 25 29 cb 4e 91 7f 2f 28 52 5e 6d 76 13 20 89 5f 64 0d e7 76 e6 0c 8f 5d 3c fa e9 cf 1f ff fa e7 f5 cf d0 f8 56 6f cf 8a f0 00 2d 4c bd c9 d0 b0 bf af b2 ed d9 a2 68 50 c8 ed d9 62 51 b4 e8 05 18 d1 e2 26 db 2b 1c 3a b2 3e 83 8a 8c 47 e3 37 d9 a0 a4 6f 36 12 f7 aa 42 36 be 64 1f 46 59 2a c9 bb 59 8c 21 65 24 1e be 03 43 3b d2 9a 86 0c f8 18 e4 95 d7 b8 bd f2 b8 13 86 e0 95 e8 1d 3c 69 a5 70 cd 05 fc 48 ad 32 35 5c 11 99 82 47 bf 10 e1 2a ab 3a 0f ce 56 9b ac f1 be cb 39 77 31 bc 16 bd 5b 56 d4 f2 a1 63 ca 54 ba 97 e8 f8 5b c7 df fe db a3 3d a6 c7 f2 ad cb b6 05 8f 59 62 42 7f d4 08 fe d8 e1 26 f3 78 f0 bc 72 2e db 7e 0b ff 9d 01 00 94 74 60 4e bd 53 a6 ce a1 24 2b d1 b2 92 0e 17 e3 19 6b e9 1d fb a4 c3 80 e5 8d f2 1f f5 79 7f 76 56 92 3c 4e a5 44 75 53 5b ea 8d 64 15 69 b2 39 0c 8d f2 18 53 25 4b a9 45 75 13 2d b4 47 bb d3 34 b0 43 0e 8d 92 12 4d b4 b7 c2 d6 ca e4 b0 1a f3 3f 1e ac e8 52 01 a1 55 6d 98 f2 d8 ba 1c 2a 34 1e 6d 0c 91 ca 75 5a 1c 73 d8 69 4c ad bf ed 9d 57 bb 23 4b 14 de f5 6f 95 61 0d aa ba f1 39 ac 57 ab 7d 33 96 5a 26 df 54 2d e4 ca 61 7d b7 29 d1 7b 82 e7 df 44 63 27 a4 1c 67 b2 8a ef 61 fa 6c 6c f2 83 72 e2 10 17 2d 87 67 e7 ab 2e 0e 6e 47 e4 d1 a6 5a e9 74 bd 5a 4d a9 c9 29 af c8 e4 b0 53 07 94 17 89 4b ef a9 3d 95 d3 b8 f3 d3 98 52 b6 69 52 0f 75 12 10 96 de dc 23 eb 0e 29 33 0e 55 2b 6a cc c1 90 c1 a9 7c 60 3e 87 75 77 00 47 5a c9 3b 81 61 45 1a 21 69 98 87 3c b0 07 bd 75 c1 d4 91 7a 80 3f 65 b4 32 c8 4a 4d 53 de 1d 19 1f 76 0f 73 58 3f eb 0e 33 e3 90 08 7c b6 9a e6 11 42 4f b4 2e 9f cf 99 63 9e ba 30 df 29 c3 89 ba ef bb 03 3c 3d 99 3f c6 e0 68 97 58 91 15 91 95 5b 88 9e fa aa 61 a2 8a f6 56 18 Data Ascii: 49fV6}~DAPIB+{EZ"G%)N/(R^mv _dv]<Vo-LhPbQ&+:>G7o6B6dFY*Y!e$C;<ipH25\G*:V9w1[VcT[=YbB&xr.~t`NS$+kyvV<NDuS[di9S%KEu-G4CM?RUm*4muZsiLW#Koa9W}3Z&T-a}){Dc'gallr-g.nGZtZM)SK=RiRu#)3U+j|`>uwGZ;aE!i<uz?
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000005BA4000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.0000000003C64000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://mocar.pro/prg5/?eZ=3HYLM&iJiX_=OUWlBSduFOmbWHHx1
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000000.00000002.1404111165.00000000029B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3851020084.0000000005082000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.stefanogaus.com
Source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3851020084.0000000005082000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.stefanogaus.com/0rsk/
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000006510000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3851299709.0000000007460000.00000004.00000800.00020000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.00000000045D0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.thesprinklesontop.com/px.js?ch=1
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000006510000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3851299709.0000000007460000.00000004.00000800.00020000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.00000000045D0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.thesprinklesontop.com/px.js?ch=2
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000006510000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3851299709.0000000007460000.00000004.00000800.00020000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.00000000045D0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.thesprinklesontop.com/sk-logabpstatus.php?a=a1hVY3BFSVExenNSTmVHYmpRNUdGNXVZNnlIbGdzZTQ2N
Source: unregmp2.exe, 00000007.00000003.1791013384.00000000077B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: unregmp2.exe, 00000007.00000003.1791013384.00000000077B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: unregmp2.exe, 00000007.00000003.1791013384.00000000077B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: unregmp2.exe, 00000007.00000003.1791013384.00000000077B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.0000000003F88000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://download.quark.cn/download/quarkpc?platform=android&ch=pcquark
Source: unregmp2.exe, 00000007.00000003.1791013384.00000000077B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: unregmp2.exe, 00000007.00000003.1791013384.00000000077B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: unregmp2.exe, 00000007.00000003.1791013384.00000000077B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.0000000003F88000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.0000000003F88000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.0000000003F88000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.0000000003F88000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://hm.baidu.com/hm.js?
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.0000000003F88000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.0000000003F88000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css
Source: unregmp2.exe, 00000007.00000002.3849243854.000000000605A000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3851299709.0000000007460000.00000004.00000800.00020000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.000000000411A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://img.sedoparking.com/templates/images/hero_nc.svg
Source: unregmp2.exe, 00000007.00000002.3846142193.000000000067B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: unregmp2.exe, 00000007.00000002.3846142193.0000000000699000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: unregmp2.exe, 00000007.00000003.1786633656.00000000076E5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
Source: unregmp2.exe, 00000007.00000002.3846142193.000000000067B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: unregmp2.exe, 00000007.00000002.3846142193.000000000067B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: unregmp2.exe, 00000007.00000002.3846142193.000000000067B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: unregmp2.exe, 00000007.00000002.3846142193.0000000000699000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: unregmp2.exe, 00000007.00000002.3849243854.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.0000000003F88000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://track.uc.cn/collect
Source: unregmp2.exe, 00000007.00000003.1791013384.00000000077B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: unregmp2.exe, 00000007.00000002.3849243854.000000000555C000.00000004.10000000.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.000000000361C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.ennerdaledevcons.co.uk/4ksh/?eZ=3HYLM&iJiX_=URmoC5X4e6K7wlVx2KbqE9eRaPOmGfPMOnoqB8M3F0zE
Source: unregmp2.exe, 00000007.00000003.1791013384.00000000077B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: unregmp2.exe, 00000007.00000002.3849243854.000000000605A000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3851299709.0000000007460000.00000004.00000800.00020000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.000000000411A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.namecheap.com/domains/registration/results/?domain=fungusbus.com
Source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3848714336.000000000411A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.sedo.com/services/parking.php3

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000B.00000002.3851020084.0000000005020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1608845942.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3845669243.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1607201928.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3848068617.0000000000D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3847970736.0000000000D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1608954398.0000000001720000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.3848399247.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000B.00000002.3851020084.0000000005020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.1608845942.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.3845669243.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.1607201928.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.3848068617.0000000000D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.3847970736.0000000000D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.1608954398.0000000001720000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.3848399247.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
.NET source code contains very large array initializations
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.5330000.5.raw.unpack, -Module-.cs Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.28fbcc4.0.raw.unpack, -Module-.cs Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Contains functionality to call native functions
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0042B463 NtClose, 5_2_0042B463
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402B60 NtClose,LdrInitializeThunk, 5_2_01402B60
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402DF0 NtQuerySystemInformation,LdrInitializeThunk, 5_2_01402DF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402C70 NtFreeVirtualMemory,LdrInitializeThunk, 5_2_01402C70
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014035C0 NtCreateMutant,LdrInitializeThunk, 5_2_014035C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01404340 NtSetContextThread, 5_2_01404340
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01404650 NtSuspendThread, 5_2_01404650
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402BE0 NtQueryValueKey, 5_2_01402BE0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402BF0 NtAllocateVirtualMemory, 5_2_01402BF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402B80 NtQueryInformationFile, 5_2_01402B80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402BA0 NtEnumerateValueKey, 5_2_01402BA0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402AD0 NtReadFile, 5_2_01402AD0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402AF0 NtWriteFile, 5_2_01402AF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402AB0 NtWaitForSingleObject, 5_2_01402AB0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402D00 NtSetInformationFile, 5_2_01402D00
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402D10 NtMapViewOfSection, 5_2_01402D10
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402D30 NtUnmapViewOfSection, 5_2_01402D30
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402DD0 NtDelayExecution, 5_2_01402DD0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402DB0 NtEnumerateKey, 5_2_01402DB0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402C60 NtCreateKey, 5_2_01402C60
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402C00 NtQueryInformationProcess, 5_2_01402C00
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402CC0 NtQueryVirtualMemory, 5_2_01402CC0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402CF0 NtOpenProcess, 5_2_01402CF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402CA0 NtQueryInformationToken, 5_2_01402CA0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402F60 NtCreateProcessEx, 5_2_01402F60
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402F30 NtCreateSection, 5_2_01402F30
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402FE0 NtCreateFile, 5_2_01402FE0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402F90 NtProtectVirtualMemory, 5_2_01402F90
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402FA0 NtQuerySection, 5_2_01402FA0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402FB0 NtResumeThread, 5_2_01402FB0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402E30 NtWriteVirtualMemory, 5_2_01402E30
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402EE0 NtQueueApcThread, 5_2_01402EE0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402E80 NtReadVirtualMemory, 5_2_01402E80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402EA0 NtAdjustPrivilegesToken, 5_2_01402EA0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01403010 NtOpenDirectoryObject, 5_2_01403010
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01403090 NtSetValueKey, 5_2_01403090
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014039B0 NtGetContextThread, 5_2_014039B0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01403D70 NtOpenThread, 5_2_01403D70
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01403D10 NtOpenProcessToken, 5_2_01403D10
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04574650 NtSuspendThread,LdrInitializeThunk, 7_2_04574650
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04574340 NtSetContextThread,LdrInitializeThunk, 7_2_04574340
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572C70 NtFreeVirtualMemory,LdrInitializeThunk, 7_2_04572C70
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572C60 NtCreateKey,LdrInitializeThunk, 7_2_04572C60
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572CA0 NtQueryInformationToken,LdrInitializeThunk, 7_2_04572CA0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572D10 NtMapViewOfSection,LdrInitializeThunk, 7_2_04572D10
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572D30 NtUnmapViewOfSection,LdrInitializeThunk, 7_2_04572D30
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572DD0 NtDelayExecution,LdrInitializeThunk, 7_2_04572DD0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572DF0 NtQuerySystemInformation,LdrInitializeThunk, 7_2_04572DF0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572EE0 NtQueueApcThread,LdrInitializeThunk, 7_2_04572EE0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572E80 NtReadVirtualMemory,LdrInitializeThunk, 7_2_04572E80
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572F30 NtCreateSection,LdrInitializeThunk, 7_2_04572F30
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572FE0 NtCreateFile,LdrInitializeThunk, 7_2_04572FE0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572FB0 NtResumeThread,LdrInitializeThunk, 7_2_04572FB0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572AD0 NtReadFile,LdrInitializeThunk, 7_2_04572AD0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572AF0 NtWriteFile,LdrInitializeThunk, 7_2_04572AF0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572B60 NtClose,LdrInitializeThunk, 7_2_04572B60
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572BF0 NtAllocateVirtualMemory,LdrInitializeThunk, 7_2_04572BF0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572BE0 NtQueryValueKey,LdrInitializeThunk, 7_2_04572BE0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572BA0 NtEnumerateValueKey,LdrInitializeThunk, 7_2_04572BA0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045735C0 NtCreateMutant,LdrInitializeThunk, 7_2_045735C0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045739B0 NtGetContextThread,LdrInitializeThunk, 7_2_045739B0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572C00 NtQueryInformationProcess, 7_2_04572C00
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572CC0 NtQueryVirtualMemory, 7_2_04572CC0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572CF0 NtOpenProcess, 7_2_04572CF0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572D00 NtSetInformationFile, 7_2_04572D00
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572DB0 NtEnumerateKey, 7_2_04572DB0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572E30 NtWriteVirtualMemory, 7_2_04572E30
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572EA0 NtAdjustPrivilegesToken, 7_2_04572EA0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572F60 NtCreateProcessEx, 7_2_04572F60
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572F90 NtProtectVirtualMemory, 7_2_04572F90
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572FA0 NtQuerySection, 7_2_04572FA0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572AB0 NtWaitForSingleObject, 7_2_04572AB0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04572B80 NtQueryInformationFile, 7_2_04572B80
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04573010 NtOpenDirectoryObject, 7_2_04573010
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04573090 NtSetValueKey, 7_2_04573090
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04573D70 NtOpenThread, 7_2_04573D70
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04573D10 NtOpenProcessToken, 7_2_04573D10
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00438140 NtAllocateVirtualMemory, 7_2_00438140
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00437D00 NtCreateFile, 7_2_00437D00
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00437E60 NtReadFile, 7_2_00437E60
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00437F40 NtDeleteFile, 7_2_00437F40
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00437FE0 NtClose, 7_2_00437FE0
Detected potential crypto function
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_00D8E3A4 0_2_00D8E3A4
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_00D825D8 0_2_00D825D8
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_04E70584 0_2_04E70584
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_04E724B0 0_2_04E724B0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_04E70920 0_2_04E70920
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_04E70910 0_2_04E70910
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C32EC3 0_2_06C32EC3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C32EF0 0_2_06C32EF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C39E20 0_2_06C39E20
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C34F9F 0_2_06C34F9F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C34FB0 0_2_06C34FB0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C33750 0_2_06C33750
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C33760 0_2_06C33760
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C33328 0_2_06C33328
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C36870 0_2_06C36870
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004010D0 5_2_004010D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004168DE 5_2_004168DE
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004168E3 5_2_004168E3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0042D8B3 5_2_0042D8B3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004101C3 5_2_004101C3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0040E243 5_2_0040E243
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00401260 5_2_00401260
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00403210 5_2_00403210
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00401B8B 5_2_00401B8B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00401B90 5_2_00401B90
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004024E0 5_2_004024E0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0040FF9B 5_2_0040FF9B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0040279D 5_2_0040279D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004027A0 5_2_004027A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0040FFA3 5_2_0040FFA3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01458158 5_2_01458158
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C0100 5_2_013C0100
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146A118 5_2_0146A118
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014881CC 5_2_014881CC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014901AA 5_2_014901AA
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014841A2 5_2_014841A2
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01462000 5_2_01462000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148A352 5_2_0148A352
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014903E6 5_2_014903E6
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DE3F0 5_2_013DE3F0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014502C0 5_2_014502C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0535 5_2_013D0535
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01490591 5_2_01490591
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01482446 5_2_01482446
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01474420 5_2_01474420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147E4F6 5_2_0147E4F6
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F4750 5_2_013F4750
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CC7C0 5_2_013CC7C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EC6E0 5_2_013EC6E0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E6962 5_2_013E6962
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0149A9A6 5_2_0149A9A6
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DA840 5_2_013DA840
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D2840 5_2_013D2840
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B68B8 5_2_013B68B8
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE8F0 5_2_013FE8F0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148AB40 5_2_0148AB40
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01486BD7 5_2_01486BD7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DAD00 5_2_013DAD00
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146CD1F 5_2_0146CD1F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E8DBF 5_2_013E8DBF
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CADE0 5_2_013CADE0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0C00 5_2_013D0C00
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C0CF2 5_2_013C0CF2
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470CB5 5_2_01470CB5
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01444F40 5_2_01444F40
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F0F30 5_2_013F0F30
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01412F28 5_2_01412F28
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01472F30 5_2_01472F30
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DCFE0 5_2_013DCFE0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144EFA0 5_2_0144EFA0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C2FC8 5_2_013C2FC8
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0E59 5_2_013D0E59
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148EE26 5_2_0148EE26
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148EEDB 5_2_0148EEDB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E2E90 5_2_013E2E90
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148CE93 5_2_0148CE93
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0149B16B 5_2_0149B16B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0140516C 5_2_0140516C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BF172 5_2_013BF172
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DB1B0 5_2_013DB1B0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147F0CC 5_2_0147F0CC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014870E9 5_2_014870E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148F0E0 5_2_0148F0E0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D70C0 5_2_013D70C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148132D 5_2_0148132D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BD34C 5_2_013BD34C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0141739A 5_2_0141739A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D52A0 5_2_013D52A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014712ED 5_2_014712ED
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EB2C0 5_2_013EB2C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01487571 5_2_01487571
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146D5B0 5_2_0146D5B0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C1460 5_2_013C1460
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148F43F 5_2_0148F43F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148F7B0 5_2_0148F7B0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014816CC 5_2_014816CC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01465910 5_2_01465910
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D9950 5_2_013D9950
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EB950 5_2_013EB950
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143D800 5_2_0143D800
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D38E0 5_2_013D38E0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148FB76 5_2_0148FB76
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01445BF0 5_2_01445BF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0140DBF9 5_2_0140DBF9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EFB80 5_2_013EFB80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148FA49 5_2_0148FA49
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01487A46 5_2_01487A46
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01443A6C 5_2_01443A6C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147DAC6 5_2_0147DAC6
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01415AA0 5_2_01415AA0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01471AA3 5_2_01471AA3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146DAAC 5_2_0146DAAC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01481D5A 5_2_01481D5A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01487D73 5_2_01487D73
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D3D40 5_2_013D3D40
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EFDC0 5_2_013EFDC0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01449C32 5_2_01449C32
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148FCF2 5_2_0148FCF2
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148FF09 5_2_0148FF09
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D1F92 5_2_013D1F92
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148FFB1 5_2_0148FFB1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D9EB0 5_2_013D9EB0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F2446 7_2_045F2446
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045E4420 7_2_045E4420
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045EE4F6 7_2_045EE4F6
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04540535 7_2_04540535
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04600591 7_2_04600591
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0455C6E0 7_2_0455C6E0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04564750 7_2_04564750
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04540770 7_2_04540770
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0453C7C0 7_2_0453C7C0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045D2000 7_2_045D2000
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045C8158 7_2_045C8158
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045DA118 7_2_045DA118
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04530100 7_2_04530100
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F81CC 7_2_045F81CC
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_046001AA 7_2_046001AA
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F41A2 7_2_045F41A2
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045E0274 7_2_045E0274
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045C02C0 7_2_045C02C0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FA352 7_2_045FA352
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_046003E6 7_2_046003E6
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0454E3F0 7_2_0454E3F0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04540C00 7_2_04540C00
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04530CF2 7_2_04530CF2
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045E0CB5 7_2_045E0CB5
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045DCD1F 7_2_045DCD1F
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0454AD00 7_2_0454AD00
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0453ADE0 7_2_0453ADE0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04558DBF 7_2_04558DBF
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04540E59 7_2_04540E59
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FEE26 7_2_045FEE26
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FEEDB 7_2_045FEEDB
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04552E90 7_2_04552E90
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FCE93 7_2_045FCE93
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045B4F40 7_2_045B4F40
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04560F30 7_2_04560F30
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045E2F30 7_2_045E2F30
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04582F28 7_2_04582F28
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04532FC8 7_2_04532FC8
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0454CFE0 7_2_0454CFE0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045BEFA0 7_2_045BEFA0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0454A840 7_2_0454A840
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04542840 7_2_04542840
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0456E8F0 7_2_0456E8F0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045268B8 7_2_045268B8
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04556962 7_2_04556962
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0460A9A6 7_2_0460A9A6
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045429A0 7_2_045429A0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0453EA80 7_2_0453EA80
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FAB40 7_2_045FAB40
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F6BD7 7_2_045F6BD7
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04531460 7_2_04531460
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FF43F 7_2_045FF43F
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F7571 7_2_045F7571
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_046095C3 7_2_046095C3
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045DD5B0 7_2_045DD5B0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04585630 7_2_04585630
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F16CC 7_2_045F16CC
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FF7B0 7_2_045FF7B0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045EF0CC 7_2_045EF0CC
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045470C0 7_2_045470C0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F70E9 7_2_045F70E9
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FF0E0 7_2_045FF0E0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0460B16B 7_2_0460B16B
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0452F172 7_2_0452F172
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0457516C 7_2_0457516C
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0454B1B0 7_2_0454B1B0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0455B2C0 7_2_0455B2C0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045E12ED 7_2_045E12ED
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045452A0 7_2_045452A0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0452D34C 7_2_0452D34C
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F132D 7_2_045F132D
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0458739A 7_2_0458739A
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045B9C32 7_2_045B9C32
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FFCF2 7_2_045FFCF2
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F1D5A 7_2_045F1D5A
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04543D40 7_2_04543D40
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F7D73 7_2_045F7D73
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0455FDC0 7_2_0455FDC0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04549EB0 7_2_04549EB0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FFF09 7_2_045FFF09
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04541F92 7_2_04541F92
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FFFB1 7_2_045FFFB1
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045AD800 7_2_045AD800
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045438E0 7_2_045438E0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04549950 7_2_04549950
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0455B950 7_2_0455B950
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045D5910 7_2_045D5910
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FFA49 7_2_045FFA49
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045F7A46 7_2_045F7A46
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045B3A6C 7_2_045B3A6C
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045EDAC6 7_2_045EDAC6
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045DDAAC 7_2_045DDAAC
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_04585AA0 7_2_04585AA0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045E1AA3 7_2_045E1AA3
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045FFB76 7_2_045FFB76
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045B5BF0 7_2_045B5BF0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0457DBF9 7_2_0457DBF9
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0455FB80 7_2_0455FB80
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00421920 7_2_00421920
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0043A430 7_2_0043A430
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0041CB18 7_2_0041CB18
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0041CB20 7_2_0041CB20
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0041CD40 7_2_0041CD40
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0041ADC0 7_2_0041ADC0
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0042345B 7_2_0042345B
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00423460 7_2_00423460
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0435A4E9 7_2_0435A4E9
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0435C1BC 7_2_0435C1BC
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0435B228 7_2_0435B228
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0435BD08 7_2_0435BD08
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0435BE24 7_2_0435BE24
Found potential string decryption / allocating functions
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 04575130 appears 58 times
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 0452B970 appears 280 times
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 045AEA12 appears 86 times
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 04587E54 appears 111 times
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 045BF290 appears 105 times
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: String function: 0143EA12 appears 86 times
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: String function: 01405130 appears 58 times
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: String function: 0144F290 appears 105 times
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: String function: 013BB970 appears 280 times
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: String function: 01417E54 appears 102 times
Sample file is different than original file name gathered from version info
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000000.00000002.1403395236.0000000000B4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000000.00000002.1404111165.00000000028D1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000000.00000002.1410260281.00000000048D0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000000.00000002.1405546295.00000000042AE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000000.00000002.1418897295.0000000005330000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607976712.00000000014BD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607512166.0000000000F28000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: periodtrackConductortrackComposertrackPerformertrackNumbertrackTitleWMContentIDpublisherRatingproviderStylealbumArtistalbumTitleWMCollectionGroupIDWMCollectionIDgenrelabelreleaseDatecommunityRatingdataProviderWM/IsCompilationAverageLevelPeakValueWM/WMCPDistributorIDWM/WMCPDistributorWM/WMShadowFileSourceDRMTypeWM/WMShadowFileSourceFileTypeWM/MediaOriginalBroadcastDateTimeWM/MediaOriginalChannelWM/MediaStationNameWM/SubTitleDescriptionWM/SubscriptionContentIDWM/ContentDistributorWM/ProviderStyleWM/ProviderRatingWM/ProviderWM/ISRCWM/DRMWM/CodecWM/PlaylistDelayWM/RadioStationOwnerWM/RadioStationNameWM/ModifiedByWM/UniqueFileIdentifierWM/WMCollectionGroupIDWM/WMCollectionIDWM/WMContentIDWM/DVDIDWM/TextWM/MoodWM/InitialKeyWM/BeatsPerMinuteWM/ParentalRatingWM/LanguageWM/AudioSourceURLWM/AudioFileURLWM/UserWebURLWM/AuthorURLWM/EncodingTimeWM/EncodingSettingsWM/EncodedByWM/PublisherWM/OriginalFilenameWM/OriginalReleaseYearWM/OriginalAlbumTitleWM/OriginalArtistWM/OriginalLyricistWM/Lyrics_SynchronisedWM/PictureWM/CategoryWM/PeriodWM/MediaClassSecondaryIDWM/MediaClassPrimaryIDWM/VideoFrameRateWM/VideoWidthWM/VideoHeightWM/ProtectionTypeWM/PartOfSetWM/SubTitleWM/ContentGroupDescriptionWM/DirectorWM/ProducerWM/ConductorWM/WriterAspectRatioYAspectRatioXWM/AlbumArtistIsVBRWM/ToolVersionWM/ToolNameWM/TrackNumberWM/LyricsWM/ComposerWM/MCDIWM/GenreIDWM/YearWM/GenreWM/AlbumCoverURLWM/PromotionURLWM/AlbumTitleDRM_IndividualizedVersionDRM_KeyIDCopyrightDescriptionAuthorTitleFileSizeCurrentBitrateIs_ProtectedDuration vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607512166.0000000000F28000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunregmp2.exej% vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607512166.0000000000F99000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunregmp2.exej% vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Binary or memory string: OriginalFilenameupNO.exe\ vs Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe
Uses 32bit PE files
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000B.00000002.3851020084.0000000005020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.1608845942.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.3845669243.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.1607201928.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.3848068617.0000000000D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.3847970736.0000000000D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.1608954398.0000000001720000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.3848399247.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, zLmOuGeWlNMagjT0Ho.cs Security API names: _0020.SetAccessControl
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, zLmOuGeWlNMagjT0Ho.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, zLmOuGeWlNMagjT0Ho.cs Security API names: _0020.AddAccessRule
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, rqgY43I29yopioxdeG.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, rqgY43I29yopioxdeG.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, zLmOuGeWlNMagjT0Ho.cs Security API names: _0020.SetAccessControl
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, zLmOuGeWlNMagjT0Ho.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, zLmOuGeWlNMagjT0Ho.cs Security API names: _0020.AddAccessRule
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, rqgY43I29yopioxdeG.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, zLmOuGeWlNMagjT0Ho.cs Security API names: _0020.SetAccessControl
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, zLmOuGeWlNMagjT0Ho.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, zLmOuGeWlNMagjT0Ho.cs Security API names: _0020.AddAccessRule
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/7@17/10
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.log Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7912:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jt4ezjzt.bti.ps1 Jump to behavior
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unregmp2.exe, 00000007.00000002.3846142193.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000003.1789038202.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000003.1787102794.00000000006B3000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000003.1787229007.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3846142193.0000000000703000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Virustotal: Detection: 31%
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe ReversingLabs: Detection: 21%
Source: unknown Process created: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe "C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe"
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process created: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe "C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe"
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Process created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe"
Source: C:\Windows\SysWOW64\unregmp2.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe" Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process created: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe "C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe" Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Process created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe" Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe" Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: winsqlite3.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ Jump to behavior
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: unregmp2.pdb source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607512166.0000000000F28000.00000004.00000020.00020000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000002.3847213941.0000000001318000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000000.1533882068.00000000004EE000.00000002.00000001.01000000.0000000C.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000000.1676641682.00000000004EE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607976712.0000000001390000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000003.1609720610.0000000004350000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000003.1607430184.0000000000C1A000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3848341578.0000000004500000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3848341578.000000000469E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607976712.0000000001390000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, unregmp2.exe, 00000007.00000003.1609720610.0000000004350000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000003.1607430184.0000000000C1A000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3848341578.0000000004500000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000007.00000002.3848341578.000000000469E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: unregmp2.pdbGCTL source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, 00000005.00000002.1607512166.0000000000F28000.00000004.00000020.00020000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000002.3847213941.0000000001318000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe, DemoForm.cs .Net Code: InitializeComponent
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, zLmOuGeWlNMagjT0Ho.cs .Net Code: Qg2MCFrZDT System.Reflection.Assembly.Load(byte[])
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, zLmOuGeWlNMagjT0Ho.cs .Net Code: Qg2MCFrZDT System.Reflection.Assembly.Load(byte[])
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.5330000.5.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.5330000.5.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, zLmOuGeWlNMagjT0Ho.cs .Net Code: Qg2MCFrZDT System.Reflection.Assembly.Load(byte[])
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.28fbcc4.0.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.28fbcc4.0.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
Source: 7.2.unregmp2.exe.4b2cd08.2.raw.unpack, DemoForm.cs .Net Code: InitializeComponent
Source: 11.2.UQgCFxrqyzfeJVhlwgINlmFOLs.exe.2becd08.1.raw.unpack, DemoForm.cs .Net Code: InitializeComponent
Source: 11.0.UQgCFxrqyzfeJVhlwgINlmFOLs.exe.2becd08.1.raw.unpack, DemoForm.cs .Net Code: InitializeComponent
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 0_2_06C36791 pushad ; retf 0_2_06C367B9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00418893 push 00000067h; ret 5_2_00418910
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00418907 push 00000067h; ret 5_2_00418910
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004051F1 push es; iretd 5_2_004051F3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004052E7 push F2DD9F13h; ret 5_2_004052EC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004053C6 push ebx; retf 5_2_004053CA
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004183DA push 00000018h; ret 5_2_004183DC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_004084EE push ss; ret 5_2_004084FA
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00403480 push eax; ret 5_2_00403482
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00401DA0 push es; retf 5_2_00401DA3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00401DA8 push es; retf 5_2_00401DA3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0041A66B push ecx; ret 5_2_0041A67D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0041A69C push ecx; ret 5_2_0041A67D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0040BF29 pushfd ; retf 5_2_0040BF31
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0040A7DF push ds; retf 5_2_0040A7E0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00407784 push esi; retf 5_2_00407789
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C09AD push ecx; mov dword ptr [esp], ecx 5_2_013C09B6
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045027FA pushad ; ret 7_2_045027F9
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0450225F pushad ; ret 7_2_045027F9
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0450283D push eax; iretd 7_2_04502858
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_045309AD push ecx; mov dword ptr [esp], ecx 7_2_045309B6
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00414301 push esi; retf 7_2_00414306
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00418AA6 pushfd ; retf 7_2_00418AAE
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00424F57 push 00000018h; ret 7_2_00424F59
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0041506B push ss; ret 7_2_00415077
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0042D15E push esp; iretd 7_2_0042D165
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0042D102 pushfd ; iretd 7_2_0042D103
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00427130 push ds; retf 7E3Eh 7_2_0042719F
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_004271F3 push ecx; ret 7_2_004271FA
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_00427219 push ecx; ret 7_2_004271FA
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0041735C push ds; retf 7_2_0041735D
Source: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Static PE information: section name: .text entropy: 7.888152463098512
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, TIrtDirDqJ1OEe3yG9.cs High entropy of concatenated method names: 'PypFufvmXk', 'DWWFoEK5uA', 'FFCFSRSlTp', 'vRBFeaGJYx', 'ReBFDXZZVJ', 'NDGFnNFsWQ', 'XQIFGDOvei', 'ntSFZrctHJ', 'LiMFk8xVMh', 'tMHF6cXACi'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, rqgY43I29yopioxdeG.cs High entropy of concatenated method names: 'PnZ2OZPAFJ', 'zfw2hINOCw', 'i7Z2wxEAGx', 'qYr2tg7tuP', 'bDY2yJYEvv', 'nqy29yFdt2', 'SWL2HBpgYP', 'Lmn21PXtfq', 'aHu2BIfyEV', 'tDG24nliby'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, U9J4EjoEU9Xe6kLqiP.cs High entropy of concatenated method names: 'BJgGVUk2be', 'gdVG0kQepZ', 'ToString', 'h5BGjDkb76', 'QEuG279Gy8', 'ArMGFT8XkA', 'O7yGAd8RyK', 'KwNGghhben', 'UJlG7qk9FD', 'c7JGdHQcPM'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, sXJixuzS3YGNeFsAlV.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'GKnkbK0xiG', 'g2ckDv7EMD', 'aZuknJC0nW', 'VM8kGabfLr', 'pu8kZjmQQb', 'dU2kkNBZye', 'P6ck68XOCX'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, GAlNoXBqbc1xtX5qdy.cs High entropy of concatenated method names: 'yY7W7wJAaD', 'r9bWdWvOdq', 'DtqWVHPZCu', 'abrW08Wfnt', 'hkhWDO8UhH', 'FiCWnxAaFM', 'Vt9O3hZ2fZuQcGQRbe', 'OZ0GE0aXeU7nqy10Cp', 'xbuWWqc3Ve', 'BXJWiLPsDv'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, zPw5rLuMAYeCqU2rNJS.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Xr06Ob0i2K', 'tgG6hvy0ud', 'gsO6w15GUZ', 'rVB6tipsLZ', 'YMf6yNqfEM', 'Q4J69iNRZE', 'TeU6HgCBZF'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, bDQRot8csROeLadL4C.cs High entropy of concatenated method names: 'niFkWqGMg8', 'UgokigFeFx', 'UfMkMOSmIM', 'UJqkjyjKee', 'mCwk2AD1SK', 'JmikAVmaq9', 'ulbkgNROQo', 'PtRZHwyCbV', 'E00Z1mIuHp', 'b6uZB8Gqy7'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, vPql29dODRnLRowy8w.cs High entropy of concatenated method names: 'DBo7jRBAF4', 'odg7FFODhi', 'MlB7gUDCOt', 'TGAg4wQtdy', 'PvRgzSw7C7', 'jfE73oLcMu', 'xoL7Woxsi5', 'oYP7L8txII', 'gWW7il9Ejo', 'xnY7MKQ8PJ'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, LoXHfJytBratwc18rV.cs High entropy of concatenated method names: 'fhgG1j9q3u', 'ioZG4nkVQ1', 'VtAZ3EwA4a', 'vaoZWtkN4j', 'iOXGl7hBos', 'aVEGPK0jRb', 'nIkGmKhUu0', 'RS3GOr05Rk', 'tiMGhIW64A', 'xSeGw8nyBq'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, tgBpXDFY3ZdZjnatoj.cs High entropy of concatenated method names: 'RykbS8cEyB', 'v4GbeeB6d0', 'BMIbchkN7K', 'tlbbQ9ugSA', 'h8ibNBtxuU', 'oZqbYiHh3f', 'enHb5o54iV', 'rE0bsvWigG', 'iIsbJClW9E', 'CDVblx1UiG'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, zLmOuGeWlNMagjT0Ho.cs High entropy of concatenated method names: 'smVirfWXqD', 'IhMijySULJ', 'YDVi2Zj5NC', 'MLeiFvqAqt', 'zx6iAJ1VWQ', 'dq4igqbLDP', 'ri3i78KubU', 'DA8id9sjUE', 'PFJiR4hnUR', 'fXAiVXsGsr'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, PkCZU0gs0vLe3cuvBk.cs High entropy of concatenated method names: 'mrcZjwvp12', 'Tt9Z2dSxy0', 'yxbZF3E9Zq', 'LaFZADxxHE', 'UXqZg13pI9', 'JAUZ7JCNJX', 'qAVZdwLrLB', 'ArCZRFOWfZ', 'TUxZVJQtG9', 'NwAZ0M2JFh'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, HUOitVGrF2tLZiYvtH.cs High entropy of concatenated method names: 'rGcgrRZrCR', 'Uewg2tXhvb', 'XxMgA2y0Yj', 'RiPg7dOx9M', 'dmpgdR0W4x', 'kqPAyHfQry', 'cuUA9OaT1U', 'pweAHuPkdj', 'GAKA1B9x6Z', 'nG7ABNFkSB'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, IgYToyTS2XfjYSU5Ad.cs High entropy of concatenated method names: 'dqbZcTePFH', 'gLVZQ1T4jt', 'c8aZUEOBfk', 'OmtZNXA4UX', 'PjGZOaRMl6', 'CnwZYaN5dw', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, mGcpHVNvj4jYTR6ee7.cs High entropy of concatenated method names: 'sgKDJfBngc', 'lq1DPdmTFf', 'PmfDOGHu7A', 'Wu0DholMNv', 'pHwDQ67RWG', 'wEWDUyZyXa', 'FbnDNGRWm8', 'DMpDYaZNHZ', 'IORDTtmnPh', 'unND57vpHQ'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, NgnGiRxbjmhibcFxdK.cs High entropy of concatenated method names: 'Dispose', 'ovNWBNMCI5', 'cVELQECccj', 'OpSEEQbZJG', 'S6uW4fVKj5', 'OwgWzmeoUO', 'ProcessDialogKey', 'sZbL37Gacj', 'OR1LWUxBM4', 'ok5LLvctmG'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, SFM5dcuvFxfBQxWKdsb.cs High entropy of concatenated method names: 'Dh1kXe1HgD', 'FKxk8Y8wbV', 'P3xkCCBm0g', 'm2ukumjRC4', 'YbJkx8E9S1', 'sNekoRuG5O', 'b98kIoBdb7', 'GCPkSS6tc0', 'FndkekLAnB', 'h7UkfYFfE7'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, c4PgMshkeuZp3Hk058.cs High entropy of concatenated method names: 'EvFCRrVcN', 'IQauYIcPg', 'LQRoubh60', 'XxHICJcGb', 'gQJeNNAqq', 'r1CfRIMIY', 'gNTQVlFNjAxyR98UsH', 'TGAgZ1Cd1Tbo9Q3gl6', 'L09ZGZPIW', 'V4w6onsmf'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.45597a0.3.raw.unpack, dsj0ng47PhdM71XPPF.cs High entropy of concatenated method names: 'HB17X0jftp', 'gyE78wJoxA', 'D2s7CnJaOq', 'Pmw7uBBeGf', 'AMr7xOqTYe', 'kIS7oIdqPh', 'Rsm7IJV2AY', 'MmB7Sjosav', 'shq7epY46l', 'L3x7fJrGWF'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, TIrtDirDqJ1OEe3yG9.cs High entropy of concatenated method names: 'PypFufvmXk', 'DWWFoEK5uA', 'FFCFSRSlTp', 'vRBFeaGJYx', 'ReBFDXZZVJ', 'NDGFnNFsWQ', 'XQIFGDOvei', 'ntSFZrctHJ', 'LiMFk8xVMh', 'tMHF6cXACi'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, rqgY43I29yopioxdeG.cs High entropy of concatenated method names: 'PnZ2OZPAFJ', 'zfw2hINOCw', 'i7Z2wxEAGx', 'qYr2tg7tuP', 'bDY2yJYEvv', 'nqy29yFdt2', 'SWL2HBpgYP', 'Lmn21PXtfq', 'aHu2BIfyEV', 'tDG24nliby'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, U9J4EjoEU9Xe6kLqiP.cs High entropy of concatenated method names: 'BJgGVUk2be', 'gdVG0kQepZ', 'ToString', 'h5BGjDkb76', 'QEuG279Gy8', 'ArMGFT8XkA', 'O7yGAd8RyK', 'KwNGghhben', 'UJlG7qk9FD', 'c7JGdHQcPM'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, sXJixuzS3YGNeFsAlV.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'GKnkbK0xiG', 'g2ckDv7EMD', 'aZuknJC0nW', 'VM8kGabfLr', 'pu8kZjmQQb', 'dU2kkNBZye', 'P6ck68XOCX'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, GAlNoXBqbc1xtX5qdy.cs High entropy of concatenated method names: 'yY7W7wJAaD', 'r9bWdWvOdq', 'DtqWVHPZCu', 'abrW08Wfnt', 'hkhWDO8UhH', 'FiCWnxAaFM', 'Vt9O3hZ2fZuQcGQRbe', 'OZ0GE0aXeU7nqy10Cp', 'xbuWWqc3Ve', 'BXJWiLPsDv'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, zPw5rLuMAYeCqU2rNJS.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Xr06Ob0i2K', 'tgG6hvy0ud', 'gsO6w15GUZ', 'rVB6tipsLZ', 'YMf6yNqfEM', 'Q4J69iNRZE', 'TeU6HgCBZF'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, bDQRot8csROeLadL4C.cs High entropy of concatenated method names: 'niFkWqGMg8', 'UgokigFeFx', 'UfMkMOSmIM', 'UJqkjyjKee', 'mCwk2AD1SK', 'JmikAVmaq9', 'ulbkgNROQo', 'PtRZHwyCbV', 'E00Z1mIuHp', 'b6uZB8Gqy7'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, vPql29dODRnLRowy8w.cs High entropy of concatenated method names: 'DBo7jRBAF4', 'odg7FFODhi', 'MlB7gUDCOt', 'TGAg4wQtdy', 'PvRgzSw7C7', 'jfE73oLcMu', 'xoL7Woxsi5', 'oYP7L8txII', 'gWW7il9Ejo', 'xnY7MKQ8PJ'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, LoXHfJytBratwc18rV.cs High entropy of concatenated method names: 'fhgG1j9q3u', 'ioZG4nkVQ1', 'VtAZ3EwA4a', 'vaoZWtkN4j', 'iOXGl7hBos', 'aVEGPK0jRb', 'nIkGmKhUu0', 'RS3GOr05Rk', 'tiMGhIW64A', 'xSeGw8nyBq'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, tgBpXDFY3ZdZjnatoj.cs High entropy of concatenated method names: 'RykbS8cEyB', 'v4GbeeB6d0', 'BMIbchkN7K', 'tlbbQ9ugSA', 'h8ibNBtxuU', 'oZqbYiHh3f', 'enHb5o54iV', 'rE0bsvWigG', 'iIsbJClW9E', 'CDVblx1UiG'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, zLmOuGeWlNMagjT0Ho.cs High entropy of concatenated method names: 'smVirfWXqD', 'IhMijySULJ', 'YDVi2Zj5NC', 'MLeiFvqAqt', 'zx6iAJ1VWQ', 'dq4igqbLDP', 'ri3i78KubU', 'DA8id9sjUE', 'PFJiR4hnUR', 'fXAiVXsGsr'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, PkCZU0gs0vLe3cuvBk.cs High entropy of concatenated method names: 'mrcZjwvp12', 'Tt9Z2dSxy0', 'yxbZF3E9Zq', 'LaFZADxxHE', 'UXqZg13pI9', 'JAUZ7JCNJX', 'qAVZdwLrLB', 'ArCZRFOWfZ', 'TUxZVJQtG9', 'NwAZ0M2JFh'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, HUOitVGrF2tLZiYvtH.cs High entropy of concatenated method names: 'rGcgrRZrCR', 'Uewg2tXhvb', 'XxMgA2y0Yj', 'RiPg7dOx9M', 'dmpgdR0W4x', 'kqPAyHfQry', 'cuUA9OaT1U', 'pweAHuPkdj', 'GAKA1B9x6Z', 'nG7ABNFkSB'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, IgYToyTS2XfjYSU5Ad.cs High entropy of concatenated method names: 'dqbZcTePFH', 'gLVZQ1T4jt', 'c8aZUEOBfk', 'OmtZNXA4UX', 'PjGZOaRMl6', 'CnwZYaN5dw', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, mGcpHVNvj4jYTR6ee7.cs High entropy of concatenated method names: 'sgKDJfBngc', 'lq1DPdmTFf', 'PmfDOGHu7A', 'Wu0DholMNv', 'pHwDQ67RWG', 'wEWDUyZyXa', 'FbnDNGRWm8', 'DMpDYaZNHZ', 'IORDTtmnPh', 'unND57vpHQ'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, NgnGiRxbjmhibcFxdK.cs High entropy of concatenated method names: 'Dispose', 'ovNWBNMCI5', 'cVELQECccj', 'OpSEEQbZJG', 'S6uW4fVKj5', 'OwgWzmeoUO', 'ProcessDialogKey', 'sZbL37Gacj', 'OR1LWUxBM4', 'ok5LLvctmG'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, SFM5dcuvFxfBQxWKdsb.cs High entropy of concatenated method names: 'Dh1kXe1HgD', 'FKxk8Y8wbV', 'P3xkCCBm0g', 'm2ukumjRC4', 'YbJkx8E9S1', 'sNekoRuG5O', 'b98kIoBdb7', 'GCPkSS6tc0', 'FndkekLAnB', 'h7UkfYFfE7'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, c4PgMshkeuZp3Hk058.cs High entropy of concatenated method names: 'EvFCRrVcN', 'IQauYIcPg', 'LQRoubh60', 'XxHICJcGb', 'gQJeNNAqq', 'r1CfRIMIY', 'gNTQVlFNjAxyR98UsH', 'TGAgZ1Cd1Tbo9Q3gl6', 'L09ZGZPIW', 'V4w6onsmf'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.44d5580.2.raw.unpack, dsj0ng47PhdM71XPPF.cs High entropy of concatenated method names: 'HB17X0jftp', 'gyE78wJoxA', 'D2s7CnJaOq', 'Pmw7uBBeGf', 'AMr7xOqTYe', 'kIS7oIdqPh', 'Rsm7IJV2AY', 'MmB7Sjosav', 'shq7epY46l', 'L3x7fJrGWF'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, TIrtDirDqJ1OEe3yG9.cs High entropy of concatenated method names: 'PypFufvmXk', 'DWWFoEK5uA', 'FFCFSRSlTp', 'vRBFeaGJYx', 'ReBFDXZZVJ', 'NDGFnNFsWQ', 'XQIFGDOvei', 'ntSFZrctHJ', 'LiMFk8xVMh', 'tMHF6cXACi'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, rqgY43I29yopioxdeG.cs High entropy of concatenated method names: 'PnZ2OZPAFJ', 'zfw2hINOCw', 'i7Z2wxEAGx', 'qYr2tg7tuP', 'bDY2yJYEvv', 'nqy29yFdt2', 'SWL2HBpgYP', 'Lmn21PXtfq', 'aHu2BIfyEV', 'tDG24nliby'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, U9J4EjoEU9Xe6kLqiP.cs High entropy of concatenated method names: 'BJgGVUk2be', 'gdVG0kQepZ', 'ToString', 'h5BGjDkb76', 'QEuG279Gy8', 'ArMGFT8XkA', 'O7yGAd8RyK', 'KwNGghhben', 'UJlG7qk9FD', 'c7JGdHQcPM'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, sXJixuzS3YGNeFsAlV.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'GKnkbK0xiG', 'g2ckDv7EMD', 'aZuknJC0nW', 'VM8kGabfLr', 'pu8kZjmQQb', 'dU2kkNBZye', 'P6ck68XOCX'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, GAlNoXBqbc1xtX5qdy.cs High entropy of concatenated method names: 'yY7W7wJAaD', 'r9bWdWvOdq', 'DtqWVHPZCu', 'abrW08Wfnt', 'hkhWDO8UhH', 'FiCWnxAaFM', 'Vt9O3hZ2fZuQcGQRbe', 'OZ0GE0aXeU7nqy10Cp', 'xbuWWqc3Ve', 'BXJWiLPsDv'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, zPw5rLuMAYeCqU2rNJS.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Xr06Ob0i2K', 'tgG6hvy0ud', 'gsO6w15GUZ', 'rVB6tipsLZ', 'YMf6yNqfEM', 'Q4J69iNRZE', 'TeU6HgCBZF'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, bDQRot8csROeLadL4C.cs High entropy of concatenated method names: 'niFkWqGMg8', 'UgokigFeFx', 'UfMkMOSmIM', 'UJqkjyjKee', 'mCwk2AD1SK', 'JmikAVmaq9', 'ulbkgNROQo', 'PtRZHwyCbV', 'E00Z1mIuHp', 'b6uZB8Gqy7'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, vPql29dODRnLRowy8w.cs High entropy of concatenated method names: 'DBo7jRBAF4', 'odg7FFODhi', 'MlB7gUDCOt', 'TGAg4wQtdy', 'PvRgzSw7C7', 'jfE73oLcMu', 'xoL7Woxsi5', 'oYP7L8txII', 'gWW7il9Ejo', 'xnY7MKQ8PJ'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, LoXHfJytBratwc18rV.cs High entropy of concatenated method names: 'fhgG1j9q3u', 'ioZG4nkVQ1', 'VtAZ3EwA4a', 'vaoZWtkN4j', 'iOXGl7hBos', 'aVEGPK0jRb', 'nIkGmKhUu0', 'RS3GOr05Rk', 'tiMGhIW64A', 'xSeGw8nyBq'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, tgBpXDFY3ZdZjnatoj.cs High entropy of concatenated method names: 'RykbS8cEyB', 'v4GbeeB6d0', 'BMIbchkN7K', 'tlbbQ9ugSA', 'h8ibNBtxuU', 'oZqbYiHh3f', 'enHb5o54iV', 'rE0bsvWigG', 'iIsbJClW9E', 'CDVblx1UiG'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, zLmOuGeWlNMagjT0Ho.cs High entropy of concatenated method names: 'smVirfWXqD', 'IhMijySULJ', 'YDVi2Zj5NC', 'MLeiFvqAqt', 'zx6iAJ1VWQ', 'dq4igqbLDP', 'ri3i78KubU', 'DA8id9sjUE', 'PFJiR4hnUR', 'fXAiVXsGsr'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, PkCZU0gs0vLe3cuvBk.cs High entropy of concatenated method names: 'mrcZjwvp12', 'Tt9Z2dSxy0', 'yxbZF3E9Zq', 'LaFZADxxHE', 'UXqZg13pI9', 'JAUZ7JCNJX', 'qAVZdwLrLB', 'ArCZRFOWfZ', 'TUxZVJQtG9', 'NwAZ0M2JFh'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, HUOitVGrF2tLZiYvtH.cs High entropy of concatenated method names: 'rGcgrRZrCR', 'Uewg2tXhvb', 'XxMgA2y0Yj', 'RiPg7dOx9M', 'dmpgdR0W4x', 'kqPAyHfQry', 'cuUA9OaT1U', 'pweAHuPkdj', 'GAKA1B9x6Z', 'nG7ABNFkSB'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, IgYToyTS2XfjYSU5Ad.cs High entropy of concatenated method names: 'dqbZcTePFH', 'gLVZQ1T4jt', 'c8aZUEOBfk', 'OmtZNXA4UX', 'PjGZOaRMl6', 'CnwZYaN5dw', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, mGcpHVNvj4jYTR6ee7.cs High entropy of concatenated method names: 'sgKDJfBngc', 'lq1DPdmTFf', 'PmfDOGHu7A', 'Wu0DholMNv', 'pHwDQ67RWG', 'wEWDUyZyXa', 'FbnDNGRWm8', 'DMpDYaZNHZ', 'IORDTtmnPh', 'unND57vpHQ'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, NgnGiRxbjmhibcFxdK.cs High entropy of concatenated method names: 'Dispose', 'ovNWBNMCI5', 'cVELQECccj', 'OpSEEQbZJG', 'S6uW4fVKj5', 'OwgWzmeoUO', 'ProcessDialogKey', 'sZbL37Gacj', 'OR1LWUxBM4', 'ok5LLvctmG'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, SFM5dcuvFxfBQxWKdsb.cs High entropy of concatenated method names: 'Dh1kXe1HgD', 'FKxk8Y8wbV', 'P3xkCCBm0g', 'm2ukumjRC4', 'YbJkx8E9S1', 'sNekoRuG5O', 'b98kIoBdb7', 'GCPkSS6tc0', 'FndkekLAnB', 'h7UkfYFfE7'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, c4PgMshkeuZp3Hk058.cs High entropy of concatenated method names: 'EvFCRrVcN', 'IQauYIcPg', 'LQRoubh60', 'XxHICJcGb', 'gQJeNNAqq', 'r1CfRIMIY', 'gNTQVlFNjAxyR98UsH', 'TGAgZ1Cd1Tbo9Q3gl6', 'L09ZGZPIW', 'V4w6onsmf'
Source: 0.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.48d0000.4.raw.unpack, dsj0ng47PhdM71XPPF.cs High entropy of concatenated method names: 'HB17X0jftp', 'gyE78wJoxA', 'D2s7CnJaOq', 'Pmw7uBBeGf', 'AMr7xOqTYe', 'kIS7oIdqPh', 'Rsm7IJV2AY', 'MmB7Sjosav', 'shq7epY46l', 'L3x7fJrGWF'
Creates processes with suspicious names
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe File created: \siparis. 000867000960 tavsan order_optium a.s 03.07.2024.exe
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe File created: \siparis. 000867000960 tavsan order_optium a.s 03.07.2024.exe
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe File created: \siparis. 000867000960 tavsan order_optium a.s 03.07.2024.exe Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe File created: \siparis. 000867000960 tavsan order_optium a.s 03.07.2024.exe Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Loading BitLocker PowerShell Module
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe PID: 7728, type: MEMORYSTR
Switches to a custom stack to bypass stack traces
Source: C:\Windows\SysWOW64\unregmp2.exe API/Special instruction interceptor: Address: 7FFBCB7AD324
Source: C:\Windows\SysWOW64\unregmp2.exe API/Special instruction interceptor: Address: 7FFBCB7AD7E4
Source: C:\Windows\SysWOW64\unregmp2.exe API/Special instruction interceptor: Address: 7FFBCB7AD944
Source: C:\Windows\SysWOW64\unregmp2.exe API/Special instruction interceptor: Address: 7FFBCB7AD504
Source: C:\Windows\SysWOW64\unregmp2.exe API/Special instruction interceptor: Address: 7FFBCB7AD544
Source: C:\Windows\SysWOW64\unregmp2.exe API/Special instruction interceptor: Address: 7FFBCB7AD1E4
Source: C:\Windows\SysWOW64\unregmp2.exe API/Special instruction interceptor: Address: 7FFBCB7B0154
Source: C:\Windows\SysWOW64\unregmp2.exe API/Special instruction interceptor: Address: 7FFBCB7ADA44
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: D80000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: 28D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: 48D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: 8B30000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: 9B30000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: 9D40000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: AD40000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: B150000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: C150000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: D150000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: E150000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: F150000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: 10150000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: 11150000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0140096E rdtsc 5_2_0140096E
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6157 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2439 Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Window / User API: threadDelayed 9764 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe API coverage: 0.7 %
Source: C:\Windows\SysWOW64\unregmp2.exe API coverage: 2.5 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe TID: 7752 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8080 Thread sleep time: -1844674407370954s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8068 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7532 Thread sleep count: 208 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7532 Thread sleep time: -416000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7532 Thread sleep count: 9764 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7532 Thread sleep time: -19528000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe TID: 7652 Thread sleep time: -90000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe TID: 7652 Thread sleep time: -42000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe TID: 7652 Thread sleep count: 41 > 30 Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe TID: 7652 Thread sleep time: -41000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\SysWOW64\unregmp2.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\unregmp2.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\unregmp2.exe Code function: 7_2_0042BE00 FindFirstFileW,FindNextFileW,FindClose, 7_2_0042BE00
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: 7454168B.7.dr Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: discord.comVMware20,11696494690f
Source: 7454168B.7.dr Binary or memory string: AMC password management pageVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: outlook.office.comVMware20,11696494690s
Source: unregmp2.exe, 00000007.00000002.3846142193.000000000066A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll!(
Source: 7454168B.7.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: 7454168B.7.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: 7454168B.7.dr Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: 7454168B.7.dr Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: 7454168B.7.dr Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: 7454168B.7.dr Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: 7454168B.7.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: 7454168B.7.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: 7454168B.7.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000002.3847444137.0000000000BFF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 7454168B.7.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: 7454168B.7.dr Binary or memory string: tasks.office.comVMware20,11696494690o
Source: 7454168B.7.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: 7454168B.7.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: dev.azure.comVMware20,11696494690j
Source: 7454168B.7.dr Binary or memory string: global block list test formVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: 7454168B.7.dr Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: 7454168B.7.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: 7454168B.7.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: 7454168B.7.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: 7454168B.7.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: 7454168B.7.dr Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
Source: firefox.exe, 0000000C.00000002.1897851487.0000019F4B2BC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllVV
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0140096E rdtsc 5_2_0140096E
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_00417893 LdrLoadDll, 5_2_00417893
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01454144 mov eax, dword ptr fs:[00000030h] 5_2_01454144
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01454144 mov eax, dword ptr fs:[00000030h] 5_2_01454144
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01454144 mov ecx, dword ptr fs:[00000030h] 5_2_01454144
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01454144 mov eax, dword ptr fs:[00000030h] 5_2_01454144
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01454144 mov eax, dword ptr fs:[00000030h] 5_2_01454144
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F0124 mov eax, dword ptr fs:[00000030h] 5_2_013F0124
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01458158 mov eax, dword ptr fs:[00000030h] 5_2_01458158
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov eax, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov ecx, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov eax, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov eax, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov ecx, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov eax, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov eax, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov ecx, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov eax, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E10E mov ecx, dword ptr fs:[00000030h] 5_2_0146E10E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01480115 mov eax, dword ptr fs:[00000030h] 5_2_01480115
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146A118 mov ecx, dword ptr fs:[00000030h] 5_2_0146A118
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146A118 mov eax, dword ptr fs:[00000030h] 5_2_0146A118
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146A118 mov eax, dword ptr fs:[00000030h] 5_2_0146A118
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146A118 mov eax, dword ptr fs:[00000030h] 5_2_0146A118
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6154 mov eax, dword ptr fs:[00000030h] 5_2_013C6154
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6154 mov eax, dword ptr fs:[00000030h] 5_2_013C6154
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BC156 mov eax, dword ptr fs:[00000030h] 5_2_013BC156
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014861C3 mov eax, dword ptr fs:[00000030h] 5_2_014861C3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014861C3 mov eax, dword ptr fs:[00000030h] 5_2_014861C3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E1D0 mov eax, dword ptr fs:[00000030h] 5_2_0143E1D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E1D0 mov eax, dword ptr fs:[00000030h] 5_2_0143E1D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E1D0 mov ecx, dword ptr fs:[00000030h] 5_2_0143E1D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E1D0 mov eax, dword ptr fs:[00000030h] 5_2_0143E1D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E1D0 mov eax, dword ptr fs:[00000030h] 5_2_0143E1D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BA197 mov eax, dword ptr fs:[00000030h] 5_2_013BA197
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BA197 mov eax, dword ptr fs:[00000030h] 5_2_013BA197
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BA197 mov eax, dword ptr fs:[00000030h] 5_2_013BA197
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014961E5 mov eax, dword ptr fs:[00000030h] 5_2_014961E5
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01400185 mov eax, dword ptr fs:[00000030h] 5_2_01400185
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01464180 mov eax, dword ptr fs:[00000030h] 5_2_01464180
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01464180 mov eax, dword ptr fs:[00000030h] 5_2_01464180
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F01F8 mov eax, dword ptr fs:[00000030h] 5_2_013F01F8
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147C188 mov eax, dword ptr fs:[00000030h] 5_2_0147C188
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147C188 mov eax, dword ptr fs:[00000030h] 5_2_0147C188
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144019F mov eax, dword ptr fs:[00000030h] 5_2_0144019F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144019F mov eax, dword ptr fs:[00000030h] 5_2_0144019F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144019F mov eax, dword ptr fs:[00000030h] 5_2_0144019F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144019F mov eax, dword ptr fs:[00000030h] 5_2_0144019F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01446050 mov eax, dword ptr fs:[00000030h] 5_2_01446050
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BA020 mov eax, dword ptr fs:[00000030h] 5_2_013BA020
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BC020 mov eax, dword ptr fs:[00000030h] 5_2_013BC020
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DE016 mov eax, dword ptr fs:[00000030h] 5_2_013DE016
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DE016 mov eax, dword ptr fs:[00000030h] 5_2_013DE016
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DE016 mov eax, dword ptr fs:[00000030h] 5_2_013DE016
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DE016 mov eax, dword ptr fs:[00000030h] 5_2_013DE016
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01444000 mov ecx, dword ptr fs:[00000030h] 5_2_01444000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01462000 mov eax, dword ptr fs:[00000030h] 5_2_01462000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01462000 mov eax, dword ptr fs:[00000030h] 5_2_01462000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01462000 mov eax, dword ptr fs:[00000030h] 5_2_01462000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01462000 mov eax, dword ptr fs:[00000030h] 5_2_01462000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01462000 mov eax, dword ptr fs:[00000030h] 5_2_01462000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01462000 mov eax, dword ptr fs:[00000030h] 5_2_01462000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01462000 mov eax, dword ptr fs:[00000030h] 5_2_01462000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01462000 mov eax, dword ptr fs:[00000030h] 5_2_01462000
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EC073 mov eax, dword ptr fs:[00000030h] 5_2_013EC073
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C2050 mov eax, dword ptr fs:[00000030h] 5_2_013C2050
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01456030 mov eax, dword ptr fs:[00000030h] 5_2_01456030
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014420DE mov eax, dword ptr fs:[00000030h] 5_2_014420DE
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014460E0 mov eax, dword ptr fs:[00000030h] 5_2_014460E0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014020F0 mov ecx, dword ptr fs:[00000030h] 5_2_014020F0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C208A mov eax, dword ptr fs:[00000030h] 5_2_013C208A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BC0F0 mov eax, dword ptr fs:[00000030h] 5_2_013BC0F0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C80E9 mov eax, dword ptr fs:[00000030h] 5_2_013C80E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BA0E3 mov ecx, dword ptr fs:[00000030h] 5_2_013BA0E3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014580A8 mov eax, dword ptr fs:[00000030h] 5_2_014580A8
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014860B8 mov eax, dword ptr fs:[00000030h] 5_2_014860B8
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014860B8 mov ecx, dword ptr fs:[00000030h] 5_2_014860B8
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01442349 mov eax, dword ptr fs:[00000030h] 5_2_01442349
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01468350 mov ecx, dword ptr fs:[00000030h] 5_2_01468350
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144035C mov eax, dword ptr fs:[00000030h] 5_2_0144035C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144035C mov eax, dword ptr fs:[00000030h] 5_2_0144035C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144035C mov eax, dword ptr fs:[00000030h] 5_2_0144035C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144035C mov ecx, dword ptr fs:[00000030h] 5_2_0144035C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144035C mov eax, dword ptr fs:[00000030h] 5_2_0144035C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144035C mov eax, dword ptr fs:[00000030h] 5_2_0144035C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148A352 mov eax, dword ptr fs:[00000030h] 5_2_0148A352
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BC310 mov ecx, dword ptr fs:[00000030h] 5_2_013BC310
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E0310 mov ecx, dword ptr fs:[00000030h] 5_2_013E0310
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA30B mov eax, dword ptr fs:[00000030h] 5_2_013FA30B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA30B mov eax, dword ptr fs:[00000030h] 5_2_013FA30B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA30B mov eax, dword ptr fs:[00000030h] 5_2_013FA30B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146437C mov eax, dword ptr fs:[00000030h] 5_2_0146437C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014463C0 mov eax, dword ptr fs:[00000030h] 5_2_014463C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147C3CD mov eax, dword ptr fs:[00000030h] 5_2_0147C3CD
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014643D4 mov eax, dword ptr fs:[00000030h] 5_2_014643D4
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014643D4 mov eax, dword ptr fs:[00000030h] 5_2_014643D4
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E3DB mov eax, dword ptr fs:[00000030h] 5_2_0146E3DB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E3DB mov eax, dword ptr fs:[00000030h] 5_2_0146E3DB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E3DB mov ecx, dword ptr fs:[00000030h] 5_2_0146E3DB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146E3DB mov eax, dword ptr fs:[00000030h] 5_2_0146E3DB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B8397 mov eax, dword ptr fs:[00000030h] 5_2_013B8397
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B8397 mov eax, dword ptr fs:[00000030h] 5_2_013B8397
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B8397 mov eax, dword ptr fs:[00000030h] 5_2_013B8397
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E438F mov eax, dword ptr fs:[00000030h] 5_2_013E438F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E438F mov eax, dword ptr fs:[00000030h] 5_2_013E438F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BE388 mov eax, dword ptr fs:[00000030h] 5_2_013BE388
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BE388 mov eax, dword ptr fs:[00000030h] 5_2_013BE388
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BE388 mov eax, dword ptr fs:[00000030h] 5_2_013BE388
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F63FF mov eax, dword ptr fs:[00000030h] 5_2_013F63FF
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DE3F0 mov eax, dword ptr fs:[00000030h] 5_2_013DE3F0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DE3F0 mov eax, dword ptr fs:[00000030h] 5_2_013DE3F0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DE3F0 mov eax, dword ptr fs:[00000030h] 5_2_013DE3F0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D03E9 mov eax, dword ptr fs:[00000030h] 5_2_013D03E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D03E9 mov eax, dword ptr fs:[00000030h] 5_2_013D03E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D03E9 mov eax, dword ptr fs:[00000030h] 5_2_013D03E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D03E9 mov eax, dword ptr fs:[00000030h] 5_2_013D03E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D03E9 mov eax, dword ptr fs:[00000030h] 5_2_013D03E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D03E9 mov eax, dword ptr fs:[00000030h] 5_2_013D03E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D03E9 mov eax, dword ptr fs:[00000030h] 5_2_013D03E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D03E9 mov eax, dword ptr fs:[00000030h] 5_2_013D03E9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA3C0 mov eax, dword ptr fs:[00000030h] 5_2_013CA3C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA3C0 mov eax, dword ptr fs:[00000030h] 5_2_013CA3C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA3C0 mov eax, dword ptr fs:[00000030h] 5_2_013CA3C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA3C0 mov eax, dword ptr fs:[00000030h] 5_2_013CA3C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA3C0 mov eax, dword ptr fs:[00000030h] 5_2_013CA3C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA3C0 mov eax, dword ptr fs:[00000030h] 5_2_013CA3C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C83C0 mov eax, dword ptr fs:[00000030h] 5_2_013C83C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C83C0 mov eax, dword ptr fs:[00000030h] 5_2_013C83C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C83C0 mov eax, dword ptr fs:[00000030h] 5_2_013C83C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C83C0 mov eax, dword ptr fs:[00000030h] 5_2_013C83C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B823B mov eax, dword ptr fs:[00000030h] 5_2_013B823B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01448243 mov eax, dword ptr fs:[00000030h] 5_2_01448243
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01448243 mov ecx, dword ptr fs:[00000030h] 5_2_01448243
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147A250 mov eax, dword ptr fs:[00000030h] 5_2_0147A250
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147A250 mov eax, dword ptr fs:[00000030h] 5_2_0147A250
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01470274 mov eax, dword ptr fs:[00000030h] 5_2_01470274
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B826B mov eax, dword ptr fs:[00000030h] 5_2_013B826B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C4260 mov eax, dword ptr fs:[00000030h] 5_2_013C4260
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C4260 mov eax, dword ptr fs:[00000030h] 5_2_013C4260
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C4260 mov eax, dword ptr fs:[00000030h] 5_2_013C4260
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6259 mov eax, dword ptr fs:[00000030h] 5_2_013C6259
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BA250 mov eax, dword ptr fs:[00000030h] 5_2_013BA250
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D02A0 mov eax, dword ptr fs:[00000030h] 5_2_013D02A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D02A0 mov eax, dword ptr fs:[00000030h] 5_2_013D02A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE284 mov eax, dword ptr fs:[00000030h] 5_2_013FE284
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE284 mov eax, dword ptr fs:[00000030h] 5_2_013FE284
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01440283 mov eax, dword ptr fs:[00000030h] 5_2_01440283
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01440283 mov eax, dword ptr fs:[00000030h] 5_2_01440283
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01440283 mov eax, dword ptr fs:[00000030h] 5_2_01440283
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D02E1 mov eax, dword ptr fs:[00000030h] 5_2_013D02E1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D02E1 mov eax, dword ptr fs:[00000030h] 5_2_013D02E1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D02E1 mov eax, dword ptr fs:[00000030h] 5_2_013D02E1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014562A0 mov eax, dword ptr fs:[00000030h] 5_2_014562A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014562A0 mov ecx, dword ptr fs:[00000030h] 5_2_014562A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014562A0 mov eax, dword ptr fs:[00000030h] 5_2_014562A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014562A0 mov eax, dword ptr fs:[00000030h] 5_2_014562A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014562A0 mov eax, dword ptr fs:[00000030h] 5_2_014562A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014562A0 mov eax, dword ptr fs:[00000030h] 5_2_014562A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA2C3 mov eax, dword ptr fs:[00000030h] 5_2_013CA2C3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA2C3 mov eax, dword ptr fs:[00000030h] 5_2_013CA2C3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA2C3 mov eax, dword ptr fs:[00000030h] 5_2_013CA2C3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA2C3 mov eax, dword ptr fs:[00000030h] 5_2_013CA2C3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA2C3 mov eax, dword ptr fs:[00000030h] 5_2_013CA2C3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE53E mov eax, dword ptr fs:[00000030h] 5_2_013EE53E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE53E mov eax, dword ptr fs:[00000030h] 5_2_013EE53E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE53E mov eax, dword ptr fs:[00000030h] 5_2_013EE53E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE53E mov eax, dword ptr fs:[00000030h] 5_2_013EE53E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE53E mov eax, dword ptr fs:[00000030h] 5_2_013EE53E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0535 mov eax, dword ptr fs:[00000030h] 5_2_013D0535
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0535 mov eax, dword ptr fs:[00000030h] 5_2_013D0535
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0535 mov eax, dword ptr fs:[00000030h] 5_2_013D0535
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0535 mov eax, dword ptr fs:[00000030h] 5_2_013D0535
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0535 mov eax, dword ptr fs:[00000030h] 5_2_013D0535
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0535 mov eax, dword ptr fs:[00000030h] 5_2_013D0535
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01456500 mov eax, dword ptr fs:[00000030h] 5_2_01456500
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01494500 mov eax, dword ptr fs:[00000030h] 5_2_01494500
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01494500 mov eax, dword ptr fs:[00000030h] 5_2_01494500
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01494500 mov eax, dword ptr fs:[00000030h] 5_2_01494500
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01494500 mov eax, dword ptr fs:[00000030h] 5_2_01494500
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01494500 mov eax, dword ptr fs:[00000030h] 5_2_01494500
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01494500 mov eax, dword ptr fs:[00000030h] 5_2_01494500
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01494500 mov eax, dword ptr fs:[00000030h] 5_2_01494500
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F656A mov eax, dword ptr fs:[00000030h] 5_2_013F656A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F656A mov eax, dword ptr fs:[00000030h] 5_2_013F656A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F656A mov eax, dword ptr fs:[00000030h] 5_2_013F656A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C8550 mov eax, dword ptr fs:[00000030h] 5_2_013C8550
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C8550 mov eax, dword ptr fs:[00000030h] 5_2_013C8550
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E45B1 mov eax, dword ptr fs:[00000030h] 5_2_013E45B1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E45B1 mov eax, dword ptr fs:[00000030h] 5_2_013E45B1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE59C mov eax, dword ptr fs:[00000030h] 5_2_013FE59C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F4588 mov eax, dword ptr fs:[00000030h] 5_2_013F4588
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C2582 mov eax, dword ptr fs:[00000030h] 5_2_013C2582
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C2582 mov ecx, dword ptr fs:[00000030h] 5_2_013C2582
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FC5ED mov eax, dword ptr fs:[00000030h] 5_2_013FC5ED
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FC5ED mov eax, dword ptr fs:[00000030h] 5_2_013FC5ED
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE5E7 mov eax, dword ptr fs:[00000030h] 5_2_013EE5E7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE5E7 mov eax, dword ptr fs:[00000030h] 5_2_013EE5E7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE5E7 mov eax, dword ptr fs:[00000030h] 5_2_013EE5E7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE5E7 mov eax, dword ptr fs:[00000030h] 5_2_013EE5E7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE5E7 mov eax, dword ptr fs:[00000030h] 5_2_013EE5E7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE5E7 mov eax, dword ptr fs:[00000030h] 5_2_013EE5E7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE5E7 mov eax, dword ptr fs:[00000030h] 5_2_013EE5E7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE5E7 mov eax, dword ptr fs:[00000030h] 5_2_013EE5E7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C25E0 mov eax, dword ptr fs:[00000030h] 5_2_013C25E0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014405A7 mov eax, dword ptr fs:[00000030h] 5_2_014405A7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014405A7 mov eax, dword ptr fs:[00000030h] 5_2_014405A7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014405A7 mov eax, dword ptr fs:[00000030h] 5_2_014405A7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C65D0 mov eax, dword ptr fs:[00000030h] 5_2_013C65D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA5D0 mov eax, dword ptr fs:[00000030h] 5_2_013FA5D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA5D0 mov eax, dword ptr fs:[00000030h] 5_2_013FA5D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE5CF mov eax, dword ptr fs:[00000030h] 5_2_013FE5CF
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE5CF mov eax, dword ptr fs:[00000030h] 5_2_013FE5CF
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA430 mov eax, dword ptr fs:[00000030h] 5_2_013FA430
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147A456 mov eax, dword ptr fs:[00000030h] 5_2_0147A456
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BE420 mov eax, dword ptr fs:[00000030h] 5_2_013BE420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BE420 mov eax, dword ptr fs:[00000030h] 5_2_013BE420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BE420 mov eax, dword ptr fs:[00000030h] 5_2_013BE420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BC427 mov eax, dword ptr fs:[00000030h] 5_2_013BC427
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144C460 mov ecx, dword ptr fs:[00000030h] 5_2_0144C460
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F8402 mov eax, dword ptr fs:[00000030h] 5_2_013F8402
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F8402 mov eax, dword ptr fs:[00000030h] 5_2_013F8402
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F8402 mov eax, dword ptr fs:[00000030h] 5_2_013F8402
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EA470 mov eax, dword ptr fs:[00000030h] 5_2_013EA470
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EA470 mov eax, dword ptr fs:[00000030h] 5_2_013EA470
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EA470 mov eax, dword ptr fs:[00000030h] 5_2_013EA470
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E245A mov eax, dword ptr fs:[00000030h] 5_2_013E245A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01446420 mov eax, dword ptr fs:[00000030h] 5_2_01446420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01446420 mov eax, dword ptr fs:[00000030h] 5_2_01446420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01446420 mov eax, dword ptr fs:[00000030h] 5_2_01446420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01446420 mov eax, dword ptr fs:[00000030h] 5_2_01446420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01446420 mov eax, dword ptr fs:[00000030h] 5_2_01446420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01446420 mov eax, dword ptr fs:[00000030h] 5_2_01446420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01446420 mov eax, dword ptr fs:[00000030h] 5_2_01446420
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B645D mov eax, dword ptr fs:[00000030h] 5_2_013B645D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE443 mov eax, dword ptr fs:[00000030h] 5_2_013FE443
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE443 mov eax, dword ptr fs:[00000030h] 5_2_013FE443
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE443 mov eax, dword ptr fs:[00000030h] 5_2_013FE443
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE443 mov eax, dword ptr fs:[00000030h] 5_2_013FE443
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE443 mov eax, dword ptr fs:[00000030h] 5_2_013FE443
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE443 mov eax, dword ptr fs:[00000030h] 5_2_013FE443
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE443 mov eax, dword ptr fs:[00000030h] 5_2_013FE443
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FE443 mov eax, dword ptr fs:[00000030h] 5_2_013FE443
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F44B0 mov ecx, dword ptr fs:[00000030h] 5_2_013F44B0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C64AB mov eax, dword ptr fs:[00000030h] 5_2_013C64AB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C04E5 mov ecx, dword ptr fs:[00000030h] 5_2_013C04E5
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0147A49A mov eax, dword ptr fs:[00000030h] 5_2_0147A49A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144A4B0 mov eax, dword ptr fs:[00000030h] 5_2_0144A4B0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F273C mov eax, dword ptr fs:[00000030h] 5_2_013F273C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F273C mov ecx, dword ptr fs:[00000030h] 5_2_013F273C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F273C mov eax, dword ptr fs:[00000030h] 5_2_013F273C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402750 mov eax, dword ptr fs:[00000030h] 5_2_01402750
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402750 mov eax, dword ptr fs:[00000030h] 5_2_01402750
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01444755 mov eax, dword ptr fs:[00000030h] 5_2_01444755
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144E75D mov eax, dword ptr fs:[00000030h] 5_2_0144E75D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FC720 mov eax, dword ptr fs:[00000030h] 5_2_013FC720
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FC720 mov eax, dword ptr fs:[00000030h] 5_2_013FC720
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C0710 mov eax, dword ptr fs:[00000030h] 5_2_013C0710
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F0710 mov eax, dword ptr fs:[00000030h] 5_2_013F0710
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FC700 mov eax, dword ptr fs:[00000030h] 5_2_013FC700
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C8770 mov eax, dword ptr fs:[00000030h] 5_2_013C8770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0770 mov eax, dword ptr fs:[00000030h] 5_2_013D0770
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C0750 mov eax, dword ptr fs:[00000030h] 5_2_013C0750
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F674D mov esi, dword ptr fs:[00000030h] 5_2_013F674D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F674D mov eax, dword ptr fs:[00000030h] 5_2_013F674D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F674D mov eax, dword ptr fs:[00000030h] 5_2_013F674D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143C730 mov eax, dword ptr fs:[00000030h] 5_2_0143C730
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014407C3 mov eax, dword ptr fs:[00000030h] 5_2_014407C3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C07AF mov eax, dword ptr fs:[00000030h] 5_2_013C07AF
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144E7E1 mov eax, dword ptr fs:[00000030h] 5_2_0144E7E1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C47FB mov eax, dword ptr fs:[00000030h] 5_2_013C47FB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C47FB mov eax, dword ptr fs:[00000030h] 5_2_013C47FB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146678E mov eax, dword ptr fs:[00000030h] 5_2_0146678E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E27ED mov eax, dword ptr fs:[00000030h] 5_2_013E27ED
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E27ED mov eax, dword ptr fs:[00000030h] 5_2_013E27ED
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E27ED mov eax, dword ptr fs:[00000030h] 5_2_013E27ED
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014747A0 mov eax, dword ptr fs:[00000030h] 5_2_014747A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CC7C0 mov eax, dword ptr fs:[00000030h] 5_2_013CC7C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C262C mov eax, dword ptr fs:[00000030h] 5_2_013C262C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DE627 mov eax, dword ptr fs:[00000030h] 5_2_013DE627
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F6620 mov eax, dword ptr fs:[00000030h] 5_2_013F6620
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F8620 mov eax, dword ptr fs:[00000030h] 5_2_013F8620
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148866E mov eax, dword ptr fs:[00000030h] 5_2_0148866E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148866E mov eax, dword ptr fs:[00000030h] 5_2_0148866E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D260B mov eax, dword ptr fs:[00000030h] 5_2_013D260B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D260B mov eax, dword ptr fs:[00000030h] 5_2_013D260B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D260B mov eax, dword ptr fs:[00000030h] 5_2_013D260B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D260B mov eax, dword ptr fs:[00000030h] 5_2_013D260B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D260B mov eax, dword ptr fs:[00000030h] 5_2_013D260B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D260B mov eax, dword ptr fs:[00000030h] 5_2_013D260B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D260B mov eax, dword ptr fs:[00000030h] 5_2_013D260B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E609 mov eax, dword ptr fs:[00000030h] 5_2_0143E609
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F2674 mov eax, dword ptr fs:[00000030h] 5_2_013F2674
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01402619 mov eax, dword ptr fs:[00000030h] 5_2_01402619
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA660 mov eax, dword ptr fs:[00000030h] 5_2_013FA660
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA660 mov eax, dword ptr fs:[00000030h] 5_2_013FA660
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DC640 mov eax, dword ptr fs:[00000030h] 5_2_013DC640
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F66B0 mov eax, dword ptr fs:[00000030h] 5_2_013F66B0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FC6A6 mov eax, dword ptr fs:[00000030h] 5_2_013FC6A6
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C4690 mov eax, dword ptr fs:[00000030h] 5_2_013C4690
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C4690 mov eax, dword ptr fs:[00000030h] 5_2_013C4690
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E6F2 mov eax, dword ptr fs:[00000030h] 5_2_0143E6F2
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E6F2 mov eax, dword ptr fs:[00000030h] 5_2_0143E6F2
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E6F2 mov eax, dword ptr fs:[00000030h] 5_2_0143E6F2
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E6F2 mov eax, dword ptr fs:[00000030h] 5_2_0143E6F2
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014406F1 mov eax, dword ptr fs:[00000030h] 5_2_014406F1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014406F1 mov eax, dword ptr fs:[00000030h] 5_2_014406F1
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA6C7 mov ebx, dword ptr fs:[00000030h] 5_2_013FA6C7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA6C7 mov eax, dword ptr fs:[00000030h] 5_2_013FA6C7
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01440946 mov eax, dword ptr fs:[00000030h] 5_2_01440946
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B8918 mov eax, dword ptr fs:[00000030h] 5_2_013B8918
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B8918 mov eax, dword ptr fs:[00000030h] 5_2_013B8918
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0140096E mov eax, dword ptr fs:[00000030h] 5_2_0140096E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0140096E mov edx, dword ptr fs:[00000030h] 5_2_0140096E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0140096E mov eax, dword ptr fs:[00000030h] 5_2_0140096E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144C97C mov eax, dword ptr fs:[00000030h] 5_2_0144C97C
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01464978 mov eax, dword ptr fs:[00000030h] 5_2_01464978
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01464978 mov eax, dword ptr fs:[00000030h] 5_2_01464978
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E908 mov eax, dword ptr fs:[00000030h] 5_2_0143E908
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143E908 mov eax, dword ptr fs:[00000030h] 5_2_0143E908
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144C912 mov eax, dword ptr fs:[00000030h] 5_2_0144C912
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E6962 mov eax, dword ptr fs:[00000030h] 5_2_013E6962
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E6962 mov eax, dword ptr fs:[00000030h] 5_2_013E6962
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E6962 mov eax, dword ptr fs:[00000030h] 5_2_013E6962
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144892A mov eax, dword ptr fs:[00000030h] 5_2_0144892A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0145892B mov eax, dword ptr fs:[00000030h] 5_2_0145892B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014569C0 mov eax, dword ptr fs:[00000030h] 5_2_014569C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C09AD mov eax, dword ptr fs:[00000030h] 5_2_013C09AD
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C09AD mov eax, dword ptr fs:[00000030h] 5_2_013C09AD
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148A9D3 mov eax, dword ptr fs:[00000030h] 5_2_0148A9D3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D29A0 mov eax, dword ptr fs:[00000030h] 5_2_013D29A0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144E9E0 mov eax, dword ptr fs:[00000030h] 5_2_0144E9E0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F29F9 mov eax, dword ptr fs:[00000030h] 5_2_013F29F9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F29F9 mov eax, dword ptr fs:[00000030h] 5_2_013F29F9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA9D0 mov eax, dword ptr fs:[00000030h] 5_2_013CA9D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA9D0 mov eax, dword ptr fs:[00000030h] 5_2_013CA9D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA9D0 mov eax, dword ptr fs:[00000030h] 5_2_013CA9D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA9D0 mov eax, dword ptr fs:[00000030h] 5_2_013CA9D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA9D0 mov eax, dword ptr fs:[00000030h] 5_2_013CA9D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CA9D0 mov eax, dword ptr fs:[00000030h] 5_2_013CA9D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F49D0 mov eax, dword ptr fs:[00000030h] 5_2_013F49D0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014489B3 mov esi, dword ptr fs:[00000030h] 5_2_014489B3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014489B3 mov eax, dword ptr fs:[00000030h] 5_2_014489B3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_014489B3 mov eax, dword ptr fs:[00000030h] 5_2_014489B3
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E2835 mov eax, dword ptr fs:[00000030h] 5_2_013E2835
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E2835 mov eax, dword ptr fs:[00000030h] 5_2_013E2835
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E2835 mov eax, dword ptr fs:[00000030h] 5_2_013E2835
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E2835 mov ecx, dword ptr fs:[00000030h] 5_2_013E2835
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E2835 mov eax, dword ptr fs:[00000030h] 5_2_013E2835
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E2835 mov eax, dword ptr fs:[00000030h] 5_2_013E2835
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FA830 mov eax, dword ptr fs:[00000030h] 5_2_013FA830
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01456870 mov eax, dword ptr fs:[00000030h] 5_2_01456870
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01456870 mov eax, dword ptr fs:[00000030h] 5_2_01456870
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144E872 mov eax, dword ptr fs:[00000030h] 5_2_0144E872
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144E872 mov eax, dword ptr fs:[00000030h] 5_2_0144E872
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144C810 mov eax, dword ptr fs:[00000030h] 5_2_0144C810
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C4859 mov eax, dword ptr fs:[00000030h] 5_2_013C4859
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C4859 mov eax, dword ptr fs:[00000030h] 5_2_013C4859
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F0854 mov eax, dword ptr fs:[00000030h] 5_2_013F0854
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146483A mov eax, dword ptr fs:[00000030h] 5_2_0146483A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146483A mov eax, dword ptr fs:[00000030h] 5_2_0146483A
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D2840 mov ecx, dword ptr fs:[00000030h] 5_2_013D2840
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148A8E4 mov eax, dword ptr fs:[00000030h] 5_2_0148A8E4
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C0887 mov eax, dword ptr fs:[00000030h] 5_2_013C0887
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FC8F9 mov eax, dword ptr fs:[00000030h] 5_2_013FC8F9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FC8F9 mov eax, dword ptr fs:[00000030h] 5_2_013FC8F9
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144C89D mov eax, dword ptr fs:[00000030h] 5_2_0144C89D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EE8C0 mov eax, dword ptr fs:[00000030h] 5_2_013EE8C0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01468B42 mov eax, dword ptr fs:[00000030h] 5_2_01468B42
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01456B40 mov eax, dword ptr fs:[00000030h] 5_2_01456B40
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01456B40 mov eax, dword ptr fs:[00000030h] 5_2_01456B40
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0148AB40 mov eax, dword ptr fs:[00000030h] 5_2_0148AB40
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01474B4B mov eax, dword ptr fs:[00000030h] 5_2_01474B4B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01474B4B mov eax, dword ptr fs:[00000030h] 5_2_01474B4B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146EB50 mov eax, dword ptr fs:[00000030h] 5_2_0146EB50
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EEB20 mov eax, dword ptr fs:[00000030h] 5_2_013EEB20
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EEB20 mov eax, dword ptr fs:[00000030h] 5_2_013EEB20
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013BCB7E mov eax, dword ptr fs:[00000030h] 5_2_013BCB7E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143EB1D mov eax, dword ptr fs:[00000030h] 5_2_0143EB1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143EB1D mov eax, dword ptr fs:[00000030h] 5_2_0143EB1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143EB1D mov eax, dword ptr fs:[00000030h] 5_2_0143EB1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143EB1D mov eax, dword ptr fs:[00000030h] 5_2_0143EB1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143EB1D mov eax, dword ptr fs:[00000030h] 5_2_0143EB1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143EB1D mov eax, dword ptr fs:[00000030h] 5_2_0143EB1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143EB1D mov eax, dword ptr fs:[00000030h] 5_2_0143EB1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143EB1D mov eax, dword ptr fs:[00000030h] 5_2_0143EB1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143EB1D mov eax, dword ptr fs:[00000030h] 5_2_0143EB1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01488B28 mov eax, dword ptr fs:[00000030h] 5_2_01488B28
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01488B28 mov eax, dword ptr fs:[00000030h] 5_2_01488B28
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0BBE mov eax, dword ptr fs:[00000030h] 5_2_013D0BBE
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0BBE mov eax, dword ptr fs:[00000030h] 5_2_013D0BBE
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146EBD0 mov eax, dword ptr fs:[00000030h] 5_2_0146EBD0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144CBF0 mov eax, dword ptr fs:[00000030h] 5_2_0144CBF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EEBFC mov eax, dword ptr fs:[00000030h] 5_2_013EEBFC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C8BF0 mov eax, dword ptr fs:[00000030h] 5_2_013C8BF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C8BF0 mov eax, dword ptr fs:[00000030h] 5_2_013C8BF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C8BF0 mov eax, dword ptr fs:[00000030h] 5_2_013C8BF0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C0BCD mov eax, dword ptr fs:[00000030h] 5_2_013C0BCD
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C0BCD mov eax, dword ptr fs:[00000030h] 5_2_013C0BCD
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C0BCD mov eax, dword ptr fs:[00000030h] 5_2_013C0BCD
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E0BCB mov eax, dword ptr fs:[00000030h] 5_2_013E0BCB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E0BCB mov eax, dword ptr fs:[00000030h] 5_2_013E0BCB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E0BCB mov eax, dword ptr fs:[00000030h] 5_2_013E0BCB
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01474BB0 mov eax, dword ptr fs:[00000030h] 5_2_01474BB0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01474BB0 mov eax, dword ptr fs:[00000030h] 5_2_01474BB0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FCA38 mov eax, dword ptr fs:[00000030h] 5_2_013FCA38
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E4A35 mov eax, dword ptr fs:[00000030h] 5_2_013E4A35
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013E4A35 mov eax, dword ptr fs:[00000030h] 5_2_013E4A35
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013EEA2E mov eax, dword ptr fs:[00000030h] 5_2_013EEA2E
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FCA24 mov eax, dword ptr fs:[00000030h] 5_2_013FCA24
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0146EA60 mov eax, dword ptr fs:[00000030h] 5_2_0146EA60
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143CA72 mov eax, dword ptr fs:[00000030h] 5_2_0143CA72
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0143CA72 mov eax, dword ptr fs:[00000030h] 5_2_0143CA72
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FCA6F mov eax, dword ptr fs:[00000030h] 5_2_013FCA6F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FCA6F mov eax, dword ptr fs:[00000030h] 5_2_013FCA6F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FCA6F mov eax, dword ptr fs:[00000030h] 5_2_013FCA6F
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_0144CA11 mov eax, dword ptr fs:[00000030h] 5_2_0144CA11
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0A5B mov eax, dword ptr fs:[00000030h] 5_2_013D0A5B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013D0A5B mov eax, dword ptr fs:[00000030h] 5_2_013D0A5B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6A50 mov eax, dword ptr fs:[00000030h] 5_2_013C6A50
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6A50 mov eax, dword ptr fs:[00000030h] 5_2_013C6A50
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6A50 mov eax, dword ptr fs:[00000030h] 5_2_013C6A50
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6A50 mov eax, dword ptr fs:[00000030h] 5_2_013C6A50
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6A50 mov eax, dword ptr fs:[00000030h] 5_2_013C6A50
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6A50 mov eax, dword ptr fs:[00000030h] 5_2_013C6A50
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C6A50 mov eax, dword ptr fs:[00000030h] 5_2_013C6A50
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01416ACC mov eax, dword ptr fs:[00000030h] 5_2_01416ACC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01416ACC mov eax, dword ptr fs:[00000030h] 5_2_01416ACC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01416ACC mov eax, dword ptr fs:[00000030h] 5_2_01416ACC
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C8AA0 mov eax, dword ptr fs:[00000030h] 5_2_013C8AA0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C8AA0 mov eax, dword ptr fs:[00000030h] 5_2_013C8AA0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F8A90 mov edx, dword ptr fs:[00000030h] 5_2_013F8A90
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 mov eax, dword ptr fs:[00000030h] 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 mov eax, dword ptr fs:[00000030h] 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 mov eax, dword ptr fs:[00000030h] 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 mov eax, dword ptr fs:[00000030h] 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 mov eax, dword ptr fs:[00000030h] 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 mov eax, dword ptr fs:[00000030h] 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 mov eax, dword ptr fs:[00000030h] 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 mov eax, dword ptr fs:[00000030h] 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013CEA80 mov eax, dword ptr fs:[00000030h] 5_2_013CEA80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01494A80 mov eax, dword ptr fs:[00000030h] 5_2_01494A80
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FAAEE mov eax, dword ptr fs:[00000030h] 5_2_013FAAEE
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013FAAEE mov eax, dword ptr fs:[00000030h] 5_2_013FAAEE
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01416AA4 mov eax, dword ptr fs:[00000030h] 5_2_01416AA4
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013C0AD0 mov eax, dword ptr fs:[00000030h] 5_2_013C0AD0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F4AD0 mov eax, dword ptr fs:[00000030h] 5_2_013F4AD0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F4AD0 mov eax, dword ptr fs:[00000030h] 5_2_013F4AD0
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013F4D1D mov eax, dword ptr fs:[00000030h] 5_2_013F4D1D
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B6D10 mov eax, dword ptr fs:[00000030h] 5_2_013B6D10
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B6D10 mov eax, dword ptr fs:[00000030h] 5_2_013B6D10
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013B6D10 mov eax, dword ptr fs:[00000030h] 5_2_013B6D10
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_01458D6B mov eax, dword ptr fs:[00000030h] 5_2_01458D6B
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DAD00 mov eax, dword ptr fs:[00000030h] 5_2_013DAD00
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Code function: 5_2_013DAD00 mov eax, dword ptr fs:[00000030h] 5_2_013DAD00
Enables debug privileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Adds a directory exclusion to Windows Defender
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe"
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe" Jump to behavior
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtCreateMutant: Direct from: 0x774635CC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtWriteVirtualMemory: Direct from: 0x77462E3C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtMapViewOfSection: Direct from: 0x77462D1C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtResumeThread: Direct from: 0x774636AC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtProtectVirtualMemory: Direct from: 0x77462F9C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtSetInformationProcess: Direct from: 0x77462C5C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtSetInformationThread: Direct from: 0x774563F9 Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtProtectVirtualMemory: Direct from: 0x77457B2E Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtNotifyChangeKey: Direct from: 0x77463C2C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtAllocateVirtualMemory: Direct from: 0x77462BFC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtQueryInformationProcess: Direct from: 0x77462C26 Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtResumeThread: Direct from: 0x77462FBC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtReadFile: Direct from: 0x77462ADC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtQuerySystemInformation: Direct from: 0x77462DFC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtDelayExecution: Direct from: 0x77462DDC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtAllocateVirtualMemory: Direct from: 0x77463C9C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtClose: Direct from: 0x77462B6C
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtCreateUserProcess: Direct from: 0x7746371C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtWriteVirtualMemory: Direct from: 0x7746490C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtAllocateVirtualMemory: Direct from: 0x774648EC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtQuerySystemInformation: Direct from: 0x774648CC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtQueryVolumeInformationFile: Direct from: 0x77462F2C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtReadVirtualMemory: Direct from: 0x77462E8C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtCreateKey: Direct from: 0x77462C6C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtSetInformationThread: Direct from: 0x77462B4C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtQueryAttributesFile: Direct from: 0x77462E6C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtDeviceIoControlFile: Direct from: 0x77462AEC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtOpenSection: Direct from: 0x77462E0C Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtCreateFile: Direct from: 0x77462FEC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtOpenFile: Direct from: 0x77462DCC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtQueryInformationToken: Direct from: 0x77462CAC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtTerminateThread: Direct from: 0x77462FCC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtAllocateVirtualMemory: Direct from: 0x77462BEC Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe NtOpenKeyEx: Direct from: 0x77462B9C Jump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Memory written: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe base: 400000 value starts with: 4D5A Jump to behavior
Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: NULL target: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Section loaded: NULL target: C:\Windows\SysWOW64\unregmp2.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: NULL target: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: NULL target: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write Jump to behavior
Modifies the context of a thread in another process (thread injection)
Source: C:\Windows\SysWOW64\unregmp2.exe Thread register set: target process: 1148 Jump to behavior
Queues an APC in another process (thread injection)
Source: C:\Windows\SysWOW64\unregmp2.exe Thread APC queued: target process: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe" Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Process created: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe "C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe" Jump to behavior
Source: C:\Program Files (x86)\ZbSDFslviKIFedZkSUgKtKQRuMdiZYRzTkQTcBwsci\UQgCFxrqyzfeJVhlwgINlmFOLs.exe Process created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe" Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe" Jump to behavior
Source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000002.3847777206.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000000.1534265328.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000000.1677026696.0000000001170000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000002.3847777206.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000000.1534265328.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000000.1677026696.0000000001170000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000002.3847777206.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000000.1534265328.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000000.1677026696.0000000001170000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: 0Program Manager
Source: UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000002.3847777206.00000000018E1000.00000002.00000001.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 00000006.00000000.1534265328.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, UQgCFxrqyzfeJVhlwgINlmFOLs.exe, 0000000B.00000000.1677026696.0000000001170000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Queries volume information: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000B.00000002.3851020084.0000000005020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1608845942.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3845669243.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1607201928.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3848068617.0000000000D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3847970736.0000000000D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1608954398.0000000001720000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.3848399247.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Windows\SysWOW64\unregmp2.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ Jump to behavior

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000B.00000002.3851020084.0000000005020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1608845942.00000000016E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3845669243.0000000000410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1607201928.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3848068617.0000000000D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3847970736.0000000000D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1608954398.0000000001720000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.3848399247.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1466644 Sample: Siparis. 000867000960 TAVSA... Startdate: 03/07/2024 Architecture: WINDOWS Score: 100 35 www.evertudy.xyz 2->35 37 xiaoyue.zhuangkou.com 2->37 39 20 other IPs or domains 2->39 47 Snort IDS alert for network traffic 2->47 49 Malicious sample detected (through community Yara rule) 2->49 51 Multi AV Scanner detection for submitted file 2->51 55 9 other signatures 2->55 10 Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe 4 2->10         started        signatures3 53 Performs DNS queries to domains with low reputation 35->53 process4 file5 33 Siparis. 000867000... 03.07.2024.exe.log, ASCII 10->33 dropped 67 Adds a directory exclusion to Windows Defender 10->67 69 Injects a PE file into a foreign processes 10->69 14 Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exe 10->14         started        17 powershell.exe 23 10->17         started        signatures6 process7 signatures8 73 Maps a DLL or memory area into another process 14->73 19 UQgCFxrqyzfeJVhlwgINlmFOLs.exe 14->19 injected 75 Loading BitLocker PowerShell Module 17->75 22 conhost.exe 17->22         started        process9 signatures10 57 Found direct / indirect Syscall (likely to bypass EDR) 19->57 24 unregmp2.exe 13 19->24         started        process11 signatures12 59 Tries to steal Mail credentials (via file / registry access) 24->59 61 Tries to harvest and steal browser information (history, passwords, etc) 24->61 63 Modifies the context of a thread in another process (thread injection) 24->63 65 3 other signatures 24->65 27 UQgCFxrqyzfeJVhlwgINlmFOLs.exe 24->27 injected 31 firefox.exe 24->31         started        process13 dnsIp14 41 www.evertudy.xyz 203.161.49.220, 61450, 61451, 61452 VNPT-AS-VNVNPTCorpVN Malaysia 27->41 43 parkingpage.namecheap.com 91.195.240.19, 61434, 61435, 61436 SEDO-ASDE Germany 27->43 45 8 other IPs or domains 27->45 71 Found direct / indirect Syscall (likely to bypass EDR) 27->71 signatures15
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
35.227.248.111
 www.luo918.com United States
15169 GOOGLEUS false
66.235.200.146
 stefanogaus.com United States
13335 CLOUDFLARENETUS true
23.111.180.146
 www.highwavesmarine.com United States
29802 HVC-ASUS true
103.197.25.241
 dxgsf.shop Hong Kong
55933 CLOUDIE-AS-APCloudieLimitedHK true
208.91.197.27
 www.thesprinklesontop.com Virgin Islands (BRITISH)
40034 CONFLUENCE-NETWORK-INCVG true
109.95.158.122
 mocar.pro Poland
48896 DHOSTING-ASWarsawPolandPL true
203.161.49.220
 www.evertudy.xyz Malaysia
45899 VNPT-AS-VNVNPTCorpVN true
91.195.240.19
 parkingpage.namecheap.com Germany
47846 SEDO-ASDE true
47.239.13.172
 xiaoyue.zhuangkou.com United States
20115 CHARTER-20115US true
212.227.172.254
 www.ennerdaledevcons.co.uk Germany
8560 ONEANDONE-ASBrauerstrasse48DE true

Contacted Domains

Name IP Active
mocar.pro 109.95.158.122 true
www.highwavesmarine.com 23.111.180.146 true
www.thesprinklesontop.com 208.91.197.27 true
parkingpage.namecheap.com 91.195.240.19 true
www.ennerdaledevcons.co.uk 212.227.172.254 true
dxgsf.shop 103.197.25.241 true
stefanogaus.com 66.235.200.146 true
www.luo918.com 35.227.248.111 true
xiaoyue.zhuangkou.com 47.239.13.172 true
www.evertudy.xyz 203.161.49.220 true
www.fungusbus.com unknown unknown
www.newzionocala.com unknown unknown
56.126.166.20.in-addr.arpa unknown unknown
www.dennisrosenberg.studio unknown unknown
www.shoplifestylebrand.com unknown unknown
www.qe1jqiste.sbs unknown unknown
www.mocar.pro unknown unknown
www.dxgsf.shop unknown unknown
www.neworldelectronic.com unknown unknown
www.stefanogaus.com unknown unknown
www.artemhypnotherapy.com unknown unknown
www.todosneaker.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://www.evertudy.xyz/csr7/ true
  • Avira URL Cloud: safe
 unknown
http://www.qe1jqiste.sbs/2dv8/ true
  • Avira URL Cloud: safe
 unknown
http://www.fungusbus.com/dmjt/?iJiX_=phzqshWM8++lNTZcZDn6PlPBsxjNAhN5IKmoEk/tfOScWWQLgCWtTff73plV+RjstliAOCijSwUPjuCIutjnEtY8cBV1InP23K1rvoSk7X1+smLn8qttMRFZOf+8GJ/nwg==&eZ=3HYLM true
  • Avira URL Cloud: safe
 unknown
http://www.ennerdaledevcons.co.uk/4ksh/?eZ=3HYLM&iJiX_=URmoC5X4e6K7wlVx2KbqE9eRaPOmGfPMOnoqB8M3F0zECWK+Sf67ndIbG8DedkN4mAzPYnwe388RaOdlDVpfZlnLf1iW05ccEvRvL6OrWq1JPJo5l6rk1ZbisRWcHyTHqg== true
  • Avira URL Cloud: safe
 unknown
http://www.luo918.com/qmv1/?eZ=3HYLM&iJiX_=70iXdBj3vvgYA1qv9X+C2v5f15BZXYNXgOSbaBLZsvX+/zBEWaSfpSSmWx4BVFALB6Pvk4Cj2RW76gyU8dG7duzMF8qcwSy0or9MU4FAt6yJL5XTwcCyhmcdeorymiKmWQ== false
  • Avira URL Cloud: safe
 unknown
http://www.artemhypnotherapy.com/9285/ true
  • Avira URL Cloud: safe
 unknown
http://www.mocar.pro/prg5/?eZ=3HYLM&iJiX_=OUWlBSduFOmbWHHx1+vrCN7lKThtnpeA9WltEIwOsC9+Rnf1YsqGBMTu+SXEa1SqJjg2e+xS43eh4+WwnjHBew+mwyIGh8NWq3ehH5OgTP/98tgqTRgcUpqrv79RN6be7A== true
  • Avira URL Cloud: safe
 unknown
http://www.luo918.com/qmv1/ false
  • Avira URL Cloud: safe
 unknown
http://www.dxgsf.shop/vfca/?iJiX_=PjuNaM4rErgNDqYdGwCHqm/mvS3xhxVRtMFmVQvGZApPshrl2us8sSNvZzeSfqXaMpgL6dVjOwb89B84ObwJyCFsntjSnqpwzP+jY6yNjY7ViduojwQX6Un4yLfzesgT7A==&eZ=3HYLM true
  • Avira URL Cloud: safe
 unknown
http://www.stefanogaus.com/0rsk/ true
  • Avira URL Cloud: safe
 unknown
http://www.dxgsf.shop/vfca/ true
  • Avira URL Cloud: safe
 unknown
http://www.mocar.pro/prg5/ true
  • Avira URL Cloud: safe
 unknown
http://www.qe1jqiste.sbs/2dv8/?iJiX_=psGgeTZm92uMMjwvw3+ekktQKHQr8PtkyzA1wjnO7+NPXjQAxvdC6xrXVCGmGkxqQ5F0SN4BIMC+q/QNsQX29b0eHgxHefEnuc0ogV2nM4gi2K3554lDMjGRktsI1JKBOA==&eZ=3HYLM true
  • Avira URL Cloud: safe
 unknown
http://www.thesprinklesontop.com/n12h/?eZ=3HYLM&iJiX_=RL7POCi4RQwOAHw5RpRi0oRkNrFJHCE4O3Q4e5XJ1RgvJteO2OLpaAwWvE/Xee8N43HhgIeZk31xLdwZ5MBNiQ0n2zDakMpJnzyHioqcCYotdW6+iH3FtmEZOQT5Ykxdbw== true
  • Avira URL Cloud: safe
 unknown
http://www.highwavesmarine.com/vpfr/?eZ=3HYLM&iJiX_=YJOYlkuNdHbUbxIU0duDsGwGBWmXVvvP+a5ZIsJaJ66fRzvfH4BZf/UT7tP0StNW9dLVB8Be+XMnEr4f4IOQp0lsgtKVk15wNPoNEOoMMjyN3LU6dxhHI1FgmxIsamdstg== true
  • Avira URL Cloud: safe
 unknown
http://www.ennerdaledevcons.co.uk/4ksh/ true
  • Avira URL Cloud: safe
 unknown
http://www.fungusbus.com/dmjt/ true
  • Avira URL Cloud: safe
 unknown
http://www.thesprinklesontop.com/n12h/ true
  • Avira URL Cloud: safe
 unknown
http://www.evertudy.xyz/csr7/?iJiX_=IuYwVr8nXepE7mYHSf+gGVghE+QsK0Y2QdUzXudSXEAptekBSDag4n7LIWAgnje27+AV9TSqmFigDMavfH+dBRmaO8GFftFICNQKrDMfpUc2J19e4FsCw3tJmkJ0eBlHLQ==&eZ=3HYLM true
  • Avira URL Cloud: safe
 unknown
http://www.dennisrosenberg.studio/gvk0/ true
  • Avira URL Cloud: safe
 unknown
http://www.dennisrosenberg.studio/gvk0/?eZ=3HYLM&iJiX_=PBk/k+wnSgDApBLvvStJ1Qfqn2+N7jbU3UJKISJwHJXOTy3qrqzF3aeAlE7aotAu8uhq4eiBm9zMPuEZ1b+PYRv9+O/t9WvMGJPSRuXiPeF8kiiDoShqgPK5SBbSxKLjpw== true
  • Avira URL Cloud: safe
 unknown