Windows Analysis Report
Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe

Overview

General Information

Sample Name: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Analysis ID: 562263
MD5: 2c3397184076888dee0e3e714bc838de
SHA1: 5e5bd0512a943596b3563bc6bb2cf4825beb8a80
SHA256: 2ebfac5b21e3d11f6ae3418af09ec1f5762f464a5b2c2d110cd918ae5b87ad3c
Tags: exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Yara detected AgentTesla
Yara detected AntiVM3
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Sigma detected: Powershell Defender Exclusion
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
Adds a directory exclusion to Windows Defender
Moves itself to temp directory
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Yara detected Credential Stealer
Creates processes with suspicious names
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Classification

AV Detection

Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.44651b8.4.unpack Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "genelmudur@carmar.com.tr", "Password": "412Abc", "Host": "mail.carmar.com.tr"}
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Joe Sandbox ML: detected
Source: 13.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.4.unpack Avira: Label: TR/Spy.Gen8
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.12.unpack Avira: Label: TR/Spy.Gen8
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.8.unpack Avira: Label: TR/Spy.Gen8
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.10.unpack Avira: Label: TR/Spy.Gen8
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.6.unpack Avira: Label: TR/Spy.Gen8

Compliance

Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: IDeserializationCallba.pdb source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe

Software Vulnerabilities

Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 4x nop then jmp 084CA450h 0_2_084CA03E
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 4x nop then jmp 084CA450h 0_2_084CA378
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.346263428.0000000004379000.00000004.00000800.00020000.00000000.sdmp, Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 0000000D.00000000.337340320.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 0000000D.00000000.335963128.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 0000000D.00000002.530551824.0000000003301000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

System Summary

Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.6.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.4.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.449b3d8.2.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.44651b8.4.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.10.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.12.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.8.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 13.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.33bdae4.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.449b3d8.2.raw.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.44651b8.4.raw.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0000000D.00000002.530551824.0000000003301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: Process Memory Space: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe PID: 2548, type: MEMORYSTR Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 13.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.0.unpack, <PrivateImplementationDetails>{BFA140DA-EEE9-48A1-B952-75AF62DA51D4}/AA0AC562-74C9-4813-86CE-AE2C00050603.cs Large array initialization: .cctor: array initializer size 11956
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.4.unpack, <PrivateImplementationDetails>{BFA140DA-EEE9-48A1-B952-75AF62DA51D4}/AA0AC562-74C9-4813-86CE-AE2C00050603.cs Large array initialization: .cctor: array initializer size 11956
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.12.unpack, <PrivateImplementationDetails>{BFA140DA-EEE9-48A1-B952-75AF62DA51D4}/AA0AC562-74C9-4813-86CE-AE2C00050603.cs Large array initialization: .cctor: array initializer size 11956
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.6.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.4.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.449b3d8.2.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.44651b8.4.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.10.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.12.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.8.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 13.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.33bdae4.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.449b3d8.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.44651b8.4.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0000000D.00000002.530551824.0000000003301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: Process Memory Space: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe PID: 2548, type: MEMORYSTR Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_032089A0 0_2_032089A0
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_03207628 0_2_03207628
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_0320761B 0_2_0320761B
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_084C9788 0_2_084C9788
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_084C0040 0_2_084C0040
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_084C0006 0_2_084C0006
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_084C511F 0_2_084C511F
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_084C345D 0_2_084C345D
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_084C9779 0_2_084C9779
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_018047A0 13_2_018047A0
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_01804790 13_2_01804790
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_01804772 13_2_01804772
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_0180D820 13_2_0180D820
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_065294F8 13_2_065294F8
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_06527538 13_2_06527538
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_06526920 13_2_06526920
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_06526C68 13_2_06526C68
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Process Stats: CPU usage > 98%
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.346263428.0000000004379000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamegjIgjaWlvfkrRhCfyZyuqtOC.exe4 vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.346263428.0000000004379000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUI.dllF vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.343445103.0000000003371000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.343445103.0000000003371000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSafeSerializationManager.dll: vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.343445103.0000000003371000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamegjIgjaWlvfkrRhCfyZyuqtOC.exe4 vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000000.258242615.0000000001038000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameIDeserializationCallba.exe4 vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.349634034.0000000008340000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameUI.dllF vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 0000000D.00000000.331859853.0000000000FD8000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameIDeserializationCallba.exe4 vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 0000000D.00000000.337340320.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenamegjIgjaWlvfkrRhCfyZyuqtOC.exe4 vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Binary or memory string: OriginalFilenameIDeserializationCallba.exe4 vs Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe File read: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe:Zone.Identifier
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe "C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe"
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Process created: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.log
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_afrgsmzg.efd.ps1
Source: classification engine Classification label: mal100.troj.evad.winEXE@6/5@0/0
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Mutant created: \Sessions\1\BaseNamedObjects\blSFHwnZs
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2260:120:WilError_01
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000003.301501953.000000000624C000.00000004.00000800.00020000.00000000.sdmp, Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000003.301777219.000000000624C000.00000004.00000800.00020000.00000000.sdmp, Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000003.301640651.000000000624C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: of The Monotype Corporation.slnt
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, az/zr.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f60000.0.unpack, az/zr.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f60000.0.unpack, az/zr.cs Cryptographic APIs: 'CreateDecryptor'
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.9.unpack, az/zr.cs Cryptographic APIs: 'CreateDecryptor'
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.3.unpack, az/zr.cs Cryptographic APIs: 'CreateDecryptor'
Source: 13.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.0.unpack, A/b2.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: IDeserializationCallba.pdb source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe

Data Obfuscation

Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, Tp/CU.cs .Net Code: Jgo System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f60000.0.unpack, Tp/CU.cs .Net Code: Jgo System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f60000.0.unpack, Tp/CU.cs .Net Code: Jgo System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.9.unpack, Tp/CU.cs .Net Code: Jgo System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.3.unpack, Tp/CU.cs .Net Code: Jgo System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.7.unpack, Tp/CU.cs .Net Code: Jgo System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.11.unpack, Tp/CU.cs .Net Code: Jgo System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.1.unpack, Tp/CU.cs .Net Code: Jgo System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, az/zr.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 0.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f60000.0.unpack, az/zr.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f60000.0.unpack, az/zr.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.9.unpack, az/zr.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.3.unpack, az/zr.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.7.unpack, az/zr.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.11.unpack, az/zr.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.f00000.1.unpack, az/zr.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 0_2_084CC855 push FFFFFF8Bh; iretd 0_2_084CC857
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_0652A61F push es; iretd 13_2_0652A63C
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_06528540 push es; ret 13_2_06528550

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe File created: \garanti bbva #u00d6deme havalesi dekontu 28012022.exe

Hooking and other Techniques for Hiding and Protection

Source: c:\users\user\desktop\garanti bbva #u00d6deme havalesi dekontu 28012022.exe File moved: C:\Users\user\AppData\Local\Temp\tmpG722.tmp
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: Yara match File source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.33bdae4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.343445103.0000000003371000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.344823402.00000000034BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe PID: 6300, type: MEMORYSTR
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.343445103.0000000003371000.00000004.00000800.00020000.00000000.sdmp, Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.344823402.00000000034BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.343445103.0000000003371000.00000004.00000800.00020000.00000000.sdmp, Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.344823402.00000000034BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe TID: 6304 Thread sleep time: -39352s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe TID: 6428 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe TID: 7124 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1940 Thread sleep time: -6456360425798339s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe TID: 5308 Thread sleep time: -23980767295822402s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe TID: 4488 Thread sleep count: 3212 > 30 Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe TID: 4488 Thread sleep count: 6524 > 30 Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe TID: 5308 Thread sleep count: 84 > 30 Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6205 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2338 Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Window / User API: threadDelayed 3212 Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Window / User API: threadDelayed 6524 Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Thread delayed: delay time: 39352 Jump to behavior
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.344823402.00000000034BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.344823402.00000000034BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.344823402.00000000034BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe, 00000000.00000002.344823402.00000000034BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Anti Debugging

Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Memory written: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Process created: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Jump to behavior

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe Code function: 13_2_0652516C GetUserNameW, 13_2_0652516C

Stealing of Sensitive Information

Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.449b3d8.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.44651b8.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.449b3d8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.44651b8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000D.00000000.337340320.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.346263428.0000000004379000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000000.335963128.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.527928094.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000000.336711210.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000000.337809734.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.530551824.0000000003301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe PID: 6300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe PID: 2548, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.449b3d8.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.44651b8.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.449b3d8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe.44651b8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000D.00000000.337340320.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.346263428.0000000004379000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000000.335963128.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.527928094.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000000.336711210.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000000.337809734.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.530551824.0000000003301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe PID: 6300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Garanti BBVA #U00d6deme havalesi dekontu 28012022.exe PID: 2548, type: MEMORYSTR
No contacted IP infos