Edit tour

Windows Analysis Report
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Overview

General Information

Sample Name:	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Analysis ID:	682142
MD5:	687eaf8fd9a58cf46574aef19dafc169
SHA1:	cd557296fdbb180f7ff621740194358c35f40df2
SHA256:	29dde4dac348711a623a7a26f912d95fa2049f8853fa60b2dc4b2ab1fa977302
Tags:	exeSnakeKeylogger
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Snake Keylogger

Malicious sample detected (through community Yara rule)

Yara detected Telegram RAT

Yara detected AntiVM3

Snort IDS alert for network traffic

Tries to steal Mail credentials (via file / registry access)

Tries to harvest and steal ftp login credentials

.NET source code references suspicious native API functions

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

May check the online IP address of the machine

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

Yara detected Generic Downloader

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Yara detected Credential Stealer

Creates processes with suspicious names

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Uses a known web browser user agent for HTTP communication

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe (PID: 5912 cmdline: "C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe" MD5: 687EAF8FD9A58CF46574AEF19DAFC169)

TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe (PID: 4592 cmdline: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe MD5: 687EAF8FD9A58CF46574AEF19DAFC169)

cleanup

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram Token": "5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU", "Telegram ID": "5350445922"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x3c59c:$x1: $%SMTPDV$ 0x3b25e:$x2: $#TheHashHere%& 0x3c544:$x3: %FTPDV$ 0x3b240:$x4: $%TelegramDv$ 0x38bb1:$x5: KeyLoggerEventArgs 0x38f47:$x5: KeyLoggerEventArgs 0x3c5c8:$m1: \| Snake Keylogger 0x3c66e:$m1: \| Snake Keylogger 0x3c7c2:$m1: \| Snake Keylogger 0x3c8e8:$m1: \| Snake Keylogger 0x3ca42:$m1: \| Snake Keylogger 0x3c568:$m2: Clipboard Logs ID 0x3c778:$m2: Screenshot Logs ID 0x3c88c:$m2: keystroke Logs ID 0x3ca78:$m3: SnakePW 0x3c750:$m4: \SnakeKeylogger\
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x379b3:$a1: get_encryptedPassword 0x37c9f:$a2: get_encryptedUsername 0x377bf:$a3: get_timePasswordChanged 0x378ba:$a4: get_passwordField 0x379c9:$a5: set_encryptedPassword 0x38fe4:$a7: get_logins 0x38f47:$a10: KeyLoggerEventArgs 0x38bb1:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x210c4:$x1: $%SMTPDV$ 0x284dbc:$x1: $%SMTPDV$ 0x1fd86:$x2: $#TheHashHere%& 0x283a7e:$x2: $#TheHashHere%& 0x2106c:$x3: %FTPDV$ 0x284d64:$x3: %FTPDV$ 0x1fd68:$x4: $%TelegramDv$ 0x283a60:$x4: $%TelegramDv$ 0x1d6d9:$x5: KeyLoggerEventArgs 0x1da6f:$x5: KeyLoggerEventArgs 0x2813d1:$x5: KeyLoggerEventArgs 0x281767:$x5: KeyLoggerEventArgs 0x210f0:$m1: \| Snake Keylogger 0x21196:$m1: \| Snake Keylogger 0x212ea:$m1: \| Snake Keylogger 0x21410:$m1: \| Snake Keylogger 0x2156a:$m1: \| Snake Keylogger 0x284de8:$m1: \| Snake Keylogger 0x284e8e:$m1: \| Snake Keylogger 0x284fe2:$m1: \| Snake Keylogger 0x285108:$m1: \| Snake Keylogger
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1c4db:$a1: get_encryptedPassword 0x2801d3:$a1: get_encryptedPassword 0x1c7c7:$a2: get_encryptedUsername 0x2804bf:$a2: get_encryptedUsername 0x1c2e7:$a3: get_timePasswordChanged 0x27ffdf:$a3: get_timePasswordChanged 0x1c3e2:$a4: get_passwordField 0x2800da:$a4: get_passwordField 0x1c4f1:$a5: set_encryptedPassword 0x2801e9:$a5: set_encryptedPassword 0x1db0c:$a7: get_logins 0x281804:$a7: get_logins 0x1da6f:$a10: KeyLoggerEventArgs 0x281767:$a10: KeyLoggerEventArgs 0x1d6d9:$a11: KeyLoggerEventArgsEventHandler 0x2813d1:$a11: KeyLoggerEventArgsEventHandler
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18594:$x1: $%SMTPDV$ 0x17256:$x2: $#TheHashHere%& 0x1853c:$x3: %FTPDV$ 0x17238:$x4: $%TelegramDv$ 0x14ba9:$x5: KeyLoggerEventArgs 0x14f3f:$x5: KeyLoggerEventArgs 0x185c0:$m1: \| Snake Keylogger 0x18666:$m1: \| Snake Keylogger 0x187ba:$m1: \| Snake Keylogger 0x188e0:$m1: \| Snake Keylogger 0x18a3a:$m1: \| Snake Keylogger 0x18560:$m2: Clipboard Logs ID 0x18770:$m2: Screenshot Logs ID 0x18884:$m2: keystroke Logs ID 0x18a70:$m3: SnakePW 0x18748:$m4: \SnakeKeylogger\
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x139ab:$a1: get_encryptedPassword 0x13c97:$a2: get_encryptedUsername 0x137b7:$a3: get_timePasswordChanged 0x138b2:$a4: get_passwordField 0x139c1:$a5: set_encryptedPassword 0x14fdc:$a7: get_logins 0x14f3f:$a10: KeyLoggerEventArgs 0x14ba9:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x3490:$x5: KeyLoggerEventArgs 0x3826:$x5: KeyLoggerEventArgs 0x434c:$x5: KeyLoggerEventArgs 0x46ad:$x5: KeyLoggerEventArgs 0x122806:$x5: KeyLoggerEventArgs 0x122b9c:$x5: KeyLoggerEventArgs 0x1236c2:$x5: KeyLoggerEventArgs 0x123a23:$x5: KeyLoggerEventArgs 0x5b56:$m1: \| Snake Keylogger 0x5ba5:$m1: \| Snake Keylogger 0x5c39:$m1: \| Snake Keylogger 0x5c9a:$m1: \| Snake Keylogger 0x5d0f:$m1: \| Snake Keylogger 0x124ecc:$m1: \| Snake Keylogger 0x124f1b:$m1: \| Snake Keylogger 0x124faf:$m1: \| Snake Keylogger 0x125010:$m1: \| Snake Keylogger 0x125085:$m1: \| Snake Keylogger 0x5b25:$m2: Clipboard Logs ID 0x5c14:$m2: Screenshot Logs ID 0x5c6c:$m2: keystroke Logs ID
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1697:$a1: get_encryptedPassword 0x120a0d:$a1: get_encryptedPassword 0x1979:$a2: get_encryptedUsername 0x120cef:$a2: get_encryptedUsername 0x14ad:$a3: get_timePasswordChanged 0x120823:$a3: get_timePasswordChanged 0x15a8:$a4: get_passwordField 0x12091e:$a4: get_passwordField 0x16ad:$a5: set_encryptedPassword 0x120a23:$a5: set_encryptedPassword 0x38c3:$a7: get_logins 0x122c39:$a7: get_logins 0x3826:$a10: KeyLoggerEventArgs 0x122b9c:$a10: KeyLoggerEventArgs 0x3490:$a11: KeyLoggerEventArgsEventHandler 0x122806:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x14c4b:$x5: KeyLoggerEventArgs 0x14fe1:$x5: KeyLoggerEventArgs 0x15b07:$x5: KeyLoggerEventArgs 0x15e68:$x5: KeyLoggerEventArgs 0x17311:$m1: \| Snake Keylogger 0x17360:$m1: \| Snake Keylogger 0x173f4:$m1: \| Snake Keylogger 0x17455:$m1: \| Snake Keylogger 0x174ca:$m1: \| Snake Keylogger 0x172e0:$m2: Clipboard Logs ID 0x173cf:$m2: Screenshot Logs ID 0x17427:$m2: keystroke Logs ID 0x174e5:$m3: SnakePW 0x173bb:$m4: \SnakeKeylogger\
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12e52:$a1: get_encryptedPassword 0x13134:$a2: get_encryptedUsername 0x12c68:$a3: get_timePasswordChanged 0x12d63:$a4: get_passwordField 0x12e68:$a5: set_encryptedPassword 0x1507e:$a7: get_logins 0x14fe1:$a10: KeyLoggerEventArgs 0x14c4b:$a11: KeyLoggerEventArgsEventHandler
Click to see the 21 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19294:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1847d:$a3: \Google\Chrome\User Data\Default\Login Data 0x188c4:$a4: \Orbitum\User Data\Default\Login Data 0x19a45:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x12925:$s1: UnHook 0x1292c:$s2: SetHook 0x12934:$s3: CallNextHook 0x12941:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16994:$x1: $%SMTPDV$ 0x15656:$x2: $#TheHashHere%& 0x1693c:$x3: %FTPDV$ 0x15638:$x4: $%TelegramDv$ 0x12fa9:$x5: KeyLoggerEventArgs 0x1333f:$x5: KeyLoggerEventArgs 0x169c0:$m1: \| Snake Keylogger 0x16a66:$m1: \| Snake Keylogger 0x16bba:$m1: \| Snake Keylogger 0x16ce0:$m1: \| Snake Keylogger 0x16e3a:$m1: \| Snake Keylogger 0x16960:$m2: Clipboard Logs ID 0x16b70:$m2: Screenshot Logs ID 0x16c84:$m2: keystroke Logs ID 0x16e70:$m3: SnakePW 0x16b48:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x11dab:$a1: get_encryptedPassword 0x12097:$a2: get_encryptedUsername 0x11bb7:$a3: get_timePasswordChanged 0x11cb2:$a4: get_passwordField 0x11dc1:$a5: set_encryptedPassword 0x133dc:$a7: get_logins 0x1333f:$a10: KeyLoggerEventArgs 0x12fa9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19294:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1847d:$a3: \Google\Chrome\User Data\Default\Login Data 0x188c4:$a4: \Orbitum\User Data\Default\Login Data 0x19a45:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x12925:$s1: UnHook 0x1292c:$s2: SetHook 0x12934:$s3: CallNextHook 0x12941:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16994:$x1: $%SMTPDV$ 0x15656:$x2: $#TheHashHere%& 0x1693c:$x3: %FTPDV$ 0x15638:$x4: $%TelegramDv$ 0x12fa9:$x5: KeyLoggerEventArgs 0x1333f:$x5: KeyLoggerEventArgs 0x169c0:$m1: \| Snake Keylogger 0x16a66:$m1: \| Snake Keylogger 0x16bba:$m1: \| Snake Keylogger 0x16ce0:$m1: \| Snake Keylogger 0x16e3a:$m1: \| Snake Keylogger 0x16960:$m2: Clipboard Logs ID 0x16b70:$m2: Screenshot Logs ID 0x16c84:$m2: keystroke Logs ID 0x16e70:$m3: SnakePW 0x16b48:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x11dab:$a1: get_encryptedPassword 0x12097:$a2: get_encryptedUsername 0x11bb7:$a3: get_timePasswordChanged 0x11cb2:$a4: get_passwordField 0x11dc1:$a5: set_encryptedPassword 0x133dc:$a7: get_logins 0x1333f:$a10: KeyLoggerEventArgs 0x12fa9:$a11: KeyLoggerEventArgsEventHandler
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b094:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a27d:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a6c4:$a4: \Orbitum\User Data\Default\Login Data 0x1b845:$a5: \Kometa\User Data\Default\Login Data
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14725:$s1: UnHook 0x1472c:$s2: SetHook 0x14734:$s3: CallNextHook 0x14741:$s4: _hook
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18794:$x1: $%SMTPDV$ 0x17456:$x2: $#TheHashHere%& 0x1873c:$x3: %FTPDV$ 0x17438:$x4: $%TelegramDv$ 0x14da9:$x5: KeyLoggerEventArgs 0x1513f:$x5: KeyLoggerEventArgs 0x187c0:$m1: \| Snake Keylogger 0x18866:$m1: \| Snake Keylogger 0x189ba:$m1: \| Snake Keylogger 0x18ae0:$m1: \| Snake Keylogger 0x18c3a:$m1: \| Snake Keylogger 0x18760:$m2: Clipboard Logs ID 0x18970:$m2: Screenshot Logs ID 0x18a84:$m2: keystroke Logs ID 0x18c70:$m3: SnakePW 0x18948:$m4: \SnakeKeylogger\
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x13bab:$a1: get_encryptedPassword 0x13e97:$a2: get_encryptedUsername 0x139b7:$a3: get_timePasswordChanged 0x13ab2:$a4: get_passwordField 0x13bc1:$a5: set_encryptedPassword 0x151dc:$a7: get_logins 0x1513f:$a10: KeyLoggerEventArgs 0x14da9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b094:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a27d:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a6c4:$a4: \Orbitum\User Data\Default\Login Data 0x1b845:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14725:$s1: UnHook 0x1472c:$s2: SetHook 0x14734:$s3: CallNextHook 0x14741:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18794:$x1: $%SMTPDV$ 0x17456:$x2: $#TheHashHere%& 0x1873c:$x3: %FTPDV$ 0x17438:$x4: $%TelegramDv$ 0x14da9:$x5: KeyLoggerEventArgs 0x1513f:$x5: KeyLoggerEventArgs 0x187c0:$m1: \| Snake Keylogger 0x18866:$m1: \| Snake Keylogger 0x189ba:$m1: \| Snake Keylogger 0x18ae0:$m1: \| Snake Keylogger 0x18c3a:$m1: \| Snake Keylogger 0x18760:$m2: Clipboard Logs ID 0x18970:$m2: Screenshot Logs ID 0x18a84:$m2: keystroke Logs ID 0x18c70:$m3: SnakePW 0x18948:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x13bab:$a1: get_encryptedPassword 0x13e97:$a2: get_encryptedUsername 0x139b7:$a3: get_timePasswordChanged 0x13ab2:$a4: get_passwordField 0x13bc1:$a5: set_encryptedPassword 0x151dc:$a7: get_logins 0x1513f:$a10: KeyLoggerEventArgs 0x14da9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3e0b4:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3d29d:$a3: \Google\Chrome\User Data\Default\Login Data 0x3d6e4:$a4: \Orbitum\User Data\Default\Login Data 0x3e865:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x37745:$s1: UnHook 0x3774c:$s2: SetHook 0x37754:$s3: CallNextHook 0x37761:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x3b7b4:$x1: $%SMTPDV$ 0x3a476:$x2: $#TheHashHere%& 0x3b75c:$x3: %FTPDV$ 0x3a458:$x4: $%TelegramDv$ 0x37dc9:$x5: KeyLoggerEventArgs 0x3815f:$x5: KeyLoggerEventArgs 0x3b7e0:$m1: \| Snake Keylogger 0x3b886:$m1: \| Snake Keylogger 0x3b9da:$m1: \| Snake Keylogger 0x3bb00:$m1: \| Snake Keylogger 0x3bc5a:$m1: \| Snake Keylogger 0x3b780:$m2: Clipboard Logs ID 0x3b990:$m2: Screenshot Logs ID 0x3baa4:$m2: keystroke Logs ID 0x3bc90:$m3: SnakePW 0x3b968:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x36bcb:$a1: get_encryptedPassword 0x36eb7:$a2: get_encryptedUsername 0x369d7:$a3: get_timePasswordChanged 0x36ad2:$a4: get_passwordField 0x36be1:$a5: set_encryptedPassword 0x381fc:$a7: get_logins 0x3815f:$a10: KeyLoggerEventArgs 0x37dc9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x7b6d4:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x7a8bd:$a3: \Google\Chrome\User Data\Default\Login Data 0x7ad04:$a4: \Orbitum\User Data\Default\Login Data 0x7be85:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x74d65:$s1: UnHook 0x74d6c:$s2: SetHook 0x74d74:$s3: CallNextHook 0x74d81:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x78dd4:$x1: $%SMTPDV$ 0x77a96:$x2: $#TheHashHere%& 0x78d7c:$x3: %FTPDV$ 0x77a78:$x4: $%TelegramDv$ 0x753e9:$x5: KeyLoggerEventArgs 0x7577f:$x5: KeyLoggerEventArgs 0x78e00:$m1: \| Snake Keylogger 0x78ea6:$m1: \| Snake Keylogger 0x78ffa:$m1: \| Snake Keylogger 0x79120:$m1: \| Snake Keylogger 0x7927a:$m1: \| Snake Keylogger 0x78da0:$m2: Clipboard Logs ID 0x78fb0:$m2: Screenshot Logs ID 0x790c4:$m2: keystroke Logs ID 0x792b0:$m3: SnakePW 0x78f88:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x741eb:$a1: get_encryptedPassword 0x744d7:$a2: get_encryptedUsername 0x73ff7:$a3: get_timePasswordChanged 0x740f2:$a4: get_passwordField 0x74201:$a5: set_encryptedPassword 0x7581c:$a7: get_logins 0x7577f:$a10: KeyLoggerEventArgs 0x753e9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0xd4d85:$s1: UnHook 0xd4d8c:$s2: SetHook 0xd4d94:$s3: CallNextHook 0xd4da1:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0xd8df4:$x1: $%SMTPDV$ 0xd7ab6:$x2: $#TheHashHere%& 0xd8d9c:$x3: %FTPDV$ 0xd7a98:$x4: $%TelegramDv$ 0xd5409:$x5: KeyLoggerEventArgs 0xd579f:$x5: KeyLoggerEventArgs 0xd8e20:$m1: \| Snake Keylogger 0xd8ec6:$m1: \| Snake Keylogger 0xd901a:$m1: \| Snake Keylogger 0xd9140:$m1: \| Snake Keylogger 0xd929a:$m1: \| Snake Keylogger 0xd8dc0:$m2: Clipboard Logs ID 0xd8fd0:$m2: Screenshot Logs ID 0xd90e4:$m2: keystroke Logs ID 0xd92d0:$m3: SnakePW 0xd8fa8:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xd420b:$a1: get_encryptedPassword 0xd44f7:$a2: get_encryptedUsername 0xd4017:$a3: get_timePasswordChanged 0xd4112:$a4: get_passwordField 0xd4221:$a5: set_encryptedPassword 0xd583c:$a7: get_logins 0xd579f:$a10: KeyLoggerEventArgs 0xd5409:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14725:$s1: UnHook 0x27841d:$s1: UnHook 0x1472c:$s2: SetHook 0x278424:$s2: SetHook 0x14734:$s3: CallNextHook 0x27842c:$s3: CallNextHook 0x14741:$s4: _hook 0x278439:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18794:$x1: $%SMTPDV$ 0x27c48c:$x1: $%SMTPDV$ 0x17456:$x2: $#TheHashHere%& 0x27b14e:$x2: $#TheHashHere%& 0x1873c:$x3: %FTPDV$ 0x27c434:$x3: %FTPDV$ 0x17438:$x4: $%TelegramDv$ 0x27b130:$x4: $%TelegramDv$ 0x14da9:$x5: KeyLoggerEventArgs 0x1513f:$x5: KeyLoggerEventArgs 0x278aa1:$x5: KeyLoggerEventArgs 0x278e37:$x5: KeyLoggerEventArgs 0x187c0:$m1: \| Snake Keylogger 0x18866:$m1: \| Snake Keylogger 0x189ba:$m1: \| Snake Keylogger 0x18ae0:$m1: \| Snake Keylogger 0x18c3a:$m1: \| Snake Keylogger 0x27c4b8:$m1: \| Snake Keylogger 0x27c55e:$m1: \| Snake Keylogger 0x27c6b2:$m1: \| Snake Keylogger 0x27c7d8:$m1: \| Snake Keylogger
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x13bab:$a1: get_encryptedPassword 0x2778a3:$a1: get_encryptedPassword 0x13e97:$a2: get_encryptedUsername 0x277b8f:$a2: get_encryptedUsername 0x139b7:$a3: get_timePasswordChanged 0x2776af:$a3: get_timePasswordChanged 0x13ab2:$a4: get_passwordField 0x2777aa:$a4: get_passwordField 0x13bc1:$a5: set_encryptedPassword 0x2778b9:$a5: set_encryptedPassword 0x151dc:$a7: get_logins 0x278ed4:$a7: get_logins 0x1513f:$a10: KeyLoggerEventArgs 0x278e37:$a10: KeyLoggerEventArgs 0x14da9:$a11: KeyLoggerEventArgsEventHandler 0x278aa1:$a11: KeyLoggerEventArgsEventHandler
Click to see the 55 entries

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ETPRO TROJAN 404/Snake/Matiex Keylogger Style External IP Check - Source IP: 192.168.2.3 - Destination IP: 132.226.8.169

Timestamp:	192.168.2.3132.226.8.16949745802842536 08/11/22-05:32:21.323901
SID:	2842536
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Virustotal: Detection: 16%

Perma Link

Machine Learning detection for sample

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Joe Sandbox ML: detected

Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack

Avira: Label: TR/ATRAPS.Gen

Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram Token": "5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU", "Telegram ID": "5350445922"}

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E3319h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E7CF1h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EFAE1h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E62E1h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E48D1h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EE0A9h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E85A1h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E6B91h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E5181h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EE981h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E3771h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E8149h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E6739h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E4D29h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EE529h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E4021h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E89F9h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E6FE9h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E55D9h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EEDD9h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E3BC9h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E7899h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EF689h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E5E89h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E4479h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E7441h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E5A31h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EF231h
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2842536 ETPRO TROJAN 404/Snake/Matiex Keylogger Style External IP Check 192.168.2.3:49745 -> 132.226.8.169:80

May check the online IP address of the machine

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org

Yara detected Generic Downloader

Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE

Source: Joe Sandbox View

ASN Name: UTMEMUS UTMEMUS

Source: Joe Sandbox View

IP Address: 132.226.8.169 132.226.8.169

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org4
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244944693.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://en.wT
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241548753.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241643484.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.comhcB
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	String found in binary or memory: http://philiphanson.org/medius/book/1.0
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	String found in binary or memory: http://philiphanson.org/medius/temp-transform
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com.9
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com8
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comB
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comD
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comO
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comP
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comTC
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comX
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coma
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comn-ug
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.como.
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comubh
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247899736.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249212196.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247599965.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248316005.0000000005468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html(
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249124611.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers5
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249612104.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249521915.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersC
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersV
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249347532.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersa
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254479324.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259791263.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255468860.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255512656.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259750301.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259972416.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254531502.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254663310.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255575317.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254568643.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260234535.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260027135.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260132985.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254400877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259851842.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269537935.000000000544C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254635868.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259562054.000000000544A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersico
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersr
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248087830.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248047250.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designerss
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com0
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comC
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comFq
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comW.TTF.
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comalsm
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comdTTF
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comgretaU
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comsiv
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243623220.0000000005425000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243492789.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243524363.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243744160.000000000542B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.252246557.000000000542C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.krF
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.come
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr8
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krB
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krK
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krp
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comY
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.nete
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netsiv
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnP
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnX
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cna
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnb
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cny
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot

Source: unknown

DNS traffic detected: queries for: checkip.dyndns.org

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250C214
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250EBB2
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250EBB8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_04F006B4
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_04F037F1
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_06C96338
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3070
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7A48
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E0040
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF838
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6038
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4628
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EDE00
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E82F8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E68E8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4ED8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE6D8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E34C8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7EA0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067ED098
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6490
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4A80
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE280
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3D78
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EB770
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E8750
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6D40
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5330
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEB30
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3920
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E75F0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF3E0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5BE0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E41D0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E8BA8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EC398
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7198
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5788
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEF88
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4A70
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE271
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3060
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7A3A
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E0033
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E602A
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF828
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EC020
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4618
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EC00F
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E82E8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E68D8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4EC8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE6C8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EB6C9
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E34B8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7E90
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6482
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5778
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEF79
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3D68
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E8741
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6D30
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEB20
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5321
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3910
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EDDF0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E75E0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5BDA
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF3D0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E41C0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7188

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Virustotal: Detection: 16%

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe "C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe"
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@2/1

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, Main.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.f0000.0.unpack, Main.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, ??zu07b4?/zu060c???.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, u07bbufffd??ufffd/ufffd???ufffd.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static file information: File size 1129472 > 1048576

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, Main.cs	.Net Code: SafeHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.f0000.0.unpack, Main.cs	.Net Code: SafeHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250DA13 push edi; retf
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_04F0D7A0 push es; ret
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_06C9B291 push D4070C25h; iretd

Source: initial sample

Static PE information: section name: .text entropy: 7.350037504164019

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File created: \tufan yaz#u011ean - kredi kart#u0131 hesap #u00d6zeti - 45431108.exe
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File created: \tufan yaz#u011ean - kredi kart#u0131 hesap #u00d6zeti - 45431108.exe

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe TID: 5680	Thread sleep time: -45877s >= -30000s
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe TID: 6048	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Thread delayed: delay time: 45877
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Thread delayed: delay time: 922337203685477

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Code function: 4_2_067E2D81 LdrInitializeThunk,

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, u07bbufffd??ufffd/ufffd???ufffd.cs	Reference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, ????U/?????.cs	Reference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Memory written: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe base: 400000 value starts with: 4D5A

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Native API	Path Interception	111 Process Injection	1 Masquerading	2 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	Exfiltration Over Bluetooth	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	21 Virtualization/Sandbox Evasion	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	111 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	12 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	3 Obfuscated Files or Information	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	12 Software Packing	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	17%	Virustotal		Browse
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	100%	Avira	TR/ATRAPS.Gen		Download File

Domains

Source	Detection	Scanner	Label	Link
checkip.dyndns.com	0%	Virustotal		Browse
checkip.dyndns.org	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://www.sandoll.co.kr8	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://fontfabrik.comhcB	0%	Avira URL Cloud	safe
http://www.fontbureau.comsiv	0%	URL Reputation	safe
http://www.typography.netsiv	0%	Avira URL Cloud	safe
http://en.wT	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://checkip.dyndns.org4	0%	URL Reputation	safe
http://www.carterandcone.comB	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://www.carterandcone.comD	0%	URL Reputation	safe
http://www.carterandcone.com8	0%	URL Reputation	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
http://www.fontbureau.com0	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.krK	0%	Avira URL Cloud	safe
http://www.carterandcone.comP	0%	URL Reputation	safe
http://www.carterandcone.comO	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.fontbureau.comalsm	0%	Avira URL Cloud	safe
http://checkip.dyndns.com	0%	URL Reputation	safe
http://www.carterandcone.comn-ug	0%	Avira URL Cloud	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.carterandcone.como.	0%	URL Reputation	safe
http://www.sajatypeworks.come	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.sandoll.co.krB	0%	Avira URL Cloud	safe
http://www.fontbureau.comC	0%	Avira URL Cloud	safe
http://www.carterandcone.coma	0%	URL Reputation	safe
http://www.typography.nete	0%	URL Reputation	safe
http://philiphanson.org/medius/book/1.0	0%	Avira URL Cloud	safe
http://www.carterandcone.comTC	0%	URL Reputation	safe
http://www.carterandcone.comX	0%	URL Reputation	safe
http://philiphanson.org/medius/temp-transform	0%	Avira URL Cloud	safe
http://www.sandoll.co.krp	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cny	0%	Avira URL Cloud	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
http://www.fontbureau.coma	0%	URL Reputation	safe
http://www.goodfont.co.krF	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.carterandcone.comubh	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cnb	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cna	0%	URL Reputation	safe
http://www.fontbureau.comFq	0%	Avira URL Cloud	safe
http://www.tiro.comY	0%	Avira URL Cloud	safe
http://www.fontbureau.comdTTF	0%	URL Reputation	safe
http://www.zhongyicts.com.cnX	0%	Avira URL Cloud	safe
http://www.carterandcone.com.9	0%	Avira URL Cloud	safe
http://www.fontbureau.comgretaU	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.comW.TTF.	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cnP	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
checkip.dyndns.com	132.226.8.169	true	true	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	true	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/frere-jones.html(	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248316005.0000000005468000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr8	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.comhcB	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.org/bot	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers?	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comsiv	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersC	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249612104.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249521915.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.typography.netsiv	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://en.wT	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244944693.0000000005424000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersV	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247899736.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249212196.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247599965.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org4	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comB	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.252246557.000000000542C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241548753.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241643484.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comD	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersa	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249347532.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.com8	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org/q	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com0	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.krK	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comP	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comO	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comalsm	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comn-ug	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.como.	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.come	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.krB	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comC	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designerss	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248087830.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248047250.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersr	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.coma	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.typography.nete	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://philiphanson.org/medius/book/1.0	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comTC	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comX	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://philiphanson.org/medius/temp-transform	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	false	Avira URL Cloud: safe	unknown
http://www.sandoll.co.krp	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cny	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersico	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254479324.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259791263.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255468860.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255512656.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259750301.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259972416.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254531502.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254663310.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255575317.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254568643.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260234535.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260027135.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260132985.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254400877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259851842.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269537935.000000000544C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254635868.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259562054.000000000544A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.coma	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.krF	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comubh	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243623220.0000000005425000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243492789.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243524363.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243744160.000000000542B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cnb	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cna	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comFq	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.comY	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comdTTF	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cnX	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.com.9	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.comgretaU	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comW.TTF.	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers8	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cnP	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers5	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249124611.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
132.226.8.169	checkip.dyndns.com	United States		16989	UTMEMUS	true

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	682142
Start date and time:	2022-08-11 05:31:06 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 53s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@2/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 23.211.6.115
Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:32:16	API Interceptor	2x Sleep call for process: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe modified

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.log

Download File

Process:	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1308
Entropy (8bit):	5.345811588615766
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
MD5:	2E016B886BDB8389D2DD0867BE55F87B
SHA1:	25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
SHA-256:	1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
SHA-512:	C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.932869956848806
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
File size:	1129472
MD5:	687eaf8fd9a58cf46574aef19dafc169
SHA1:	cd557296fdbb180f7ff621740194358c35f40df2
SHA256:	29dde4dac348711a623a7a26f912d95fa2049f8853fa60b2dc4b2ab1fa977302
SHA512:	f1890e2bb4c5b551a450f1c8a9affd63f26f9ecda9e0465aa8829e872b177219317b9afae6b32a4b8be244b243b2c68bdcb7cfcded0ed31f027e302986718c8f
SSDEEP:	24576:MvM4vwHmQl8DmpSsbcnT9FlpvurMm8go/2gi:M/D6bcjrWrfo/
TLSH:	0F355CDEB194C89BDD6606B1FC1A54F02593BD98F060C40F699B7E2676B334E205FE0A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y.b..............0.................. ........@.. ....................................@................................

File Icon


Icon Hash:	aeacae8eb6a2be00

Static PE Info

General

Entrypoint:	0x4cca82
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x62F45915 [Thu Aug 11 01:19:17 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xcca30	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xce000	0x48b24	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x118000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xcaa88	0xcac00	False	0.6428550786066585	data	7.350037504164019	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xce000	0x48b24	0x48c00	False	0.06349669780927836	data	4.768917727242542	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x118000	0xc	0x200	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0xce310	0x668	data
RT_ICON	0xce978	0x2e8	data
RT_ICON	0xcec60	0x128	GLS_BINARY_LSB_FIRST
RT_ICON	0xced88	0xea8	data
RT_ICON	0xcfc30	0x8a8	dBase III DBT, version number 0, next free block index 40
RT_ICON	0xd04d8	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0xd0a40	0x42028	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x112a68	0x25a8	data
RT_ICON	0x115010	0x10a8	data
RT_ICON	0x1160b8	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x116520	0x92	data
RT_GROUP_ICON	0x1165b4	0x14	data
RT_VERSION	0x1165c8	0x370	data
RT_MANIFEST	0x116938	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.3132.226.8.16949745802842536 08/11/22-05:32:21.323901	TCP	2842536	ETPRO TROJAN 404/Snake/Matiex Keylogger Style External IP Check	49745	80	192.168.2.3	132.226.8.169

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 11, 2022 05:32:21.021357059 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:32:21.323322058 CEST	80	49745	132.226.8.169	192.168.2.3
Aug 11, 2022 05:32:21.323407888 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:32:21.323900938 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:32:21.626029968 CEST	80	49745	132.226.8.169	192.168.2.3
Aug 11, 2022 05:32:21.626570940 CEST	80	49745	132.226.8.169	192.168.2.3
Aug 11, 2022 05:32:21.686259031 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:33:26.626835108 CEST	80	49745	132.226.8.169	192.168.2.3
Aug 11, 2022 05:33:26.626939058 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:34:01.650320053 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:34:01.952864885 CEST	80	49745	132.226.8.169	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 11, 2022 05:32:20.940514088 CEST	49316	53	192.168.2.3	8.8.8.8
Aug 11, 2022 05:32:20.958225965 CEST	53	49316	8.8.8.8	192.168.2.3
Aug 11, 2022 05:32:20.976407051 CEST	56417	53	192.168.2.3	8.8.8.8
Aug 11, 2022 05:32:20.995256901 CEST	53	56417	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 11, 2022 05:32:20.940514088 CEST	192.168.2.3	8.8.8.8	0xa1fa	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.976407051 CEST	192.168.2.3	8.8.8.8	0x12bc	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49745	132.226.8.169	80	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 05:32:21.323900938 CEST	1026	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Aug 11, 2022 05:32:21.626570940 CEST	1026	IN	HTTP/1.1 200 OK Date: Thu, 11 Aug 2022 03:32:21 GMT Content-Type: text/html Content-Length: 105 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 34 33 2e 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.143.3</body></html>

Target ID:	0
Start time:	05:32:03
Start date:	11/08/2022
Path:	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe"
Imagebase:	0xf0000
File size:	1129472 bytes
MD5 hash:	687EAF8FD9A58CF46574AEF19DAFC169
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Analysis Process: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exePID: 4592, Parent PID: 5912

General

Target ID:	4
Start time:	05:32:17
Start date:	11/08/2022
Path:	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Imagebase:	0xdd0000
File size:	1129472 bytes
MD5 hash:	687EAF8FD9A58CF46574AEF19DAFC169
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Disassembly

⊘No disassembly

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKeysNormalize.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDoncepre.dll@ vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271717491.0000000002626000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWebName.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271410326.00000000025A7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWebName.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.280763595.0000000006EF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameKeysNormalize.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000000.236415106.00000000001C2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameELEMD.exe. vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.281062016.0000000007250000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDoncepre.dll@ vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.281037436.0000000007110000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameWebName.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260670018.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKeysNormalize.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.267300036.0000000000422000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.502317619.00000000012F7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Binary or memory string: OriginalFilenameELEMD.exe. vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre