Analysis Report NEW URGENT ENQUIRY.exe

Overview

General Information

Sample Name: NEW URGENT ENQUIRY.exe
Analysis ID: 433269
MD5: 151ec82864cc859f03be0cb572f30357
SHA1: b93f14d8b0eb8e0c12da8e8d4afcd9048a8228a2
SHA256: 1d5221667b8424ccbc7ecc85a7067dc264ac31ff97dfee76a080b7280b60d1e2
Tags: exe
Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AgentTesla (two rules: JoeSecurity_AgentTesla_1 and JoeSecurity_AgentTesla_2)
Yara detected AntiVM3
.NET source code contains very large array initializations
Contains functionality to register a low level keyboard hook
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Moves itself to temp directory
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification: mal100.troj.spyw.evad.winEXE@3/2@2/2

Process Tree

  • System is w10x64
  • NEW URGENT ENQUIRY.exe (PID: 6068 cmdline: 'C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe' MD5: 151EC82864CC859F03BE0CB572F30357)
    • NEW URGENT ENQUIRY.exe (PID: 996 cmdline: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe MD5: 151EC82864CC859F03BE0CB572F30357)
  • cleanup
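
The process tree above shows the sample starting a second copy of its own image (PID 6068 -> PID 996), and the signature list reports "Creates a process in suspended mode (likely to inject code)" and "Injects a PE file into a foreign processes". Further down, the in-memory image at 0x400000 in the child (dump 00000002.00000002.480352639.0000000000402000) carries OriginalFilename OZWuzhPLWfsNQXODEJoJsAO.exe while the file on disk carries CultureNotFoundException.exe. The Python below is an added example, not part of the Joe Sandbox report, that turns that pattern into a hollowing check over process events. The event records and their field names are this example's own, built from the PIDs, paths, MD5 and OriginalFilename strings in the report; attributing the suspended creation to PID 996 is an assumption, since the report does not say which CreateProcess call the signature refers to.

```python
# Added example (not part of the Joe Sandbox report): flag a child process that
# was spawned from the same image as its parent and whose image at 0x400000 no
# longer matches the on-disk version resource, a classic hollowing indicator.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ProcessEvent:
    pid: int
    ppid: Optional[int]
    image: str
    md5: str
    created_suspended: bool = False   # from "Creates a process in suspended mode"


@dataclass
class ImageObservation:
    pid: int
    base: int               # address of the PE image inside the process dump
    original_filename: str  # OriginalFilename from the version resource


def hollowing_candidates(processes: List[ProcessEvent],
                         observations: List[ImageObservation],
                         disk_original_filename: str) -> List[Tuple[int, int, str]]:
    """Return (parent_pid, child_pid, reasons) for each child that was spawned
    from the parent's own image AND shows at least one further indicator
    (created suspended, or a different OriginalFilename at 0x400000)."""
    by_pid = {p.pid: p for p in processes}
    findings = []
    for child in processes:
        parent = by_pid.get(child.ppid) if child.ppid is not None else None
        if parent is None:
            continue
        same_image = (child.image.lower() == parent.image.lower()
                      and child.md5.lower() == parent.md5.lower())
        if not same_image:
            continue
        reasons = ["self-spawn of identical image"]
        if child.created_suspended:
            reasons.append("created suspended")
        for obs in observations:
            if (obs.pid == child.pid and obs.base == 0x400000
                    and obs.original_filename.lower() != disk_original_filename.lower()):
                reasons.append(f"image at 0x400000 reports OriginalFilename "
                               f"{obs.original_filename!r}, disk file reports "
                               f"{disk_original_filename!r}")
        if len(reasons) > 1:   # self-spawn alone is not enough evidence
            findings.append((parent.pid, child.pid, "; ".join(reasons)))
    return findings


# Constructed from the report's process tree and its OriginalFilename strings.
SAMPLE_MD5 = "151EC82864CC859F03BE0CB572F30357"
IMAGE = r"C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe"
PROCESSES = [
    ProcessEvent(6068, None, IMAGE, SAMPLE_MD5),
    ProcessEvent(996, 6068, IMAGE, SAMPLE_MD5, created_suspended=True),  # assumption
]
OBSERVATIONS = [
    # dump 00000002.00000002.480352639.0000000000402000 -> injected payload
    ImageObservation(996, 0x400000, "OZWuzhPLWfsNQXODEJoJsAO.exe"),
]
DISK_ORIGINAL_FILENAME = "CultureNotFoundException.exe"   # from the PDB/version info

if __name__ == "__main__":
    for parent, child, why in hollowing_candidates(PROCESSES, OBSERVATIONS,
                                                   DISK_ORIGINAL_FILENAME):
        print(f"PID {parent} -> PID {child}: {why}")
```

The check deliberately refuses to flag a bare self-spawn, because installers and updaters restart themselves legitimately; it needs the suspended creation or the version-resource mismatch as a second signal.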

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Username": "staffs@globaloffs-site.com", "Password": "yLxCDRZ2", "Host": "smtp.globaloffs-site.com"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security
00000002.00000002.485743997.0000000002C11000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000000.248827227.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000002.00000000.248827227.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security
(further matches not shown on this page; the Strings column is empty for every row shown)

Unpacked PEs

Source | Rule | Description | Author
2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security
2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security
0.2.NEW URGENT ENQUIRY.exe.3e911b0.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
(further matches not shown on this page)

                      Sigma Overview

                      No Sigma rule has matched

                      Signature Overview

AV Detection:

Found malware configuration
Source: 2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "staffs@globaloffs-site.com", "Password": "yLxCDRZ2", "Host": "smtp.globaloffs-site.com"}
Multi AV Scanner detection for submitted file
Source: NEW URGENT ENQUIRY.exe | Virustotal: Detection: 17%
Source: NEW URGENT ENQUIRY.exe | ReversingLabs: Detection: 15%
Source: 2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack | Avira: Label: TR/Spy.Gen8
Source: 2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8
Source: NEW URGENT ENQUIRY.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: NEW URGENT ENQUIRY.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: NEW URGENT ENQUIRY.exe | Binary string: C:\Users\Administrator\Desktop\Client\Temp\SfoRqJOtzx\src\obj\Debug\CultureNotFoundException.pdb

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.3:49740 -> 208.91.199.223:587
Source: Traffic | Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.3:49741 -> 208.91.199.223:587
Source: global traffic | TCP traffic: 192.168.2.3:49740 -> 208.91.199.223:587
Source: Joe Sandbox View | IP Address: 208.91.199.223
Source: unknown | DNS traffic detected: queries for: smtp.globaloffs-site.com
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.485743997.0000000002C11000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.485743997.0000000002C11000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.485743997.0000000002C11000.00000004.00000001.sdmp | String found in binary or memory: http://NDGIhc.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://fontfabrik.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256200637.0000000002DE1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.488057004.0000000002EC7000.00000004.00000001.sdmp | String found in binary or memory: http://smtp.globaloffs-site.com
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.488057004.0000000002EC7000.00000004.00000001.sdmp | String found in binary or memory: http://us2.smtp.mailhostbox.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.227425957.00000000064F4000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.227425957.00000000064F4000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coma
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.227425957.00000000064F4000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.como.y
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.240825806.00000000064F5000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.coma
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.240825806.00000000064F5000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comepkove
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.240825806.00000000064F5000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comlvfet
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.240825806.00000000064F5000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comm
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.fonts.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.223408017.000000000650B000.00000004.00000001.sdmp | String found in binary or memory: http://www.fonts.comic
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp, NEW URGENT ENQUIRY.exe, 00000000.00000003.226732497.00000000064FB000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.227032807.00000000064F5000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.226566075.00000000064FB000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnC
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.226566075.00000000064FB000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnO
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.237562823.00000000064F6000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.238005587.00000000064FC000.00000004.00000001.sdmp, NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.225659107.00000000064F4000.00000004.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.krk
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.225659107.00000000064F4000.00000004.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kromn-u
Source: NEW URGENT ENQUIRY.exe | String found in binary or memory: http://www.google.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.239117913.000000000650B000.00000004.00000001.sdmp | String found in binary or memory: http://www.monotype.
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp, NEW URGENT ENQUIRY.exe, 00000000.00000003.222962451.0000000006510000.00000004.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.223035538.000000000650B000.00000004.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.comC
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.223095812.0000000006510000.00000004.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.comQ
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.sakkal.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.229531353.000000000652D000.00000004.00000001.sdmp | String found in binary or memory: http://www.sakkal.comx
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.com
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.227032807.00000000064F5000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.compe
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.netD
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.261993185.0000000007702000.00000004.00000001.sdmp, NEW URGENT ENQUIRY.exe, 00000000.00000003.227370301.00000000064F5000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.227370301.00000000064F5000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cna
Source: NEW URGENT ENQUIRY.exe, 00000000.00000003.227370301.00000000064F5000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cnobtGd
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.487938550.0000000002EBD000.00000004.00000001.sdmp, NEW URGENT ENQUIRY.exe, 00000002.00000003.459907787.0000000000E54000.00000004.00000001.sdmp, NEW URGENT ENQUIRY.exe, 00000002.00000002.488100577.0000000002ECF000.00000004.00000001.sdmp, NEW URGENT ENQUIRY.exe, 00000002.00000002.487619204.0000000002E7F000.00000004.00000001.sdmp | String found in binary or memory: https://wEpeG8K7Dd1RoPgNaN.net
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256781458.0000000003DE1000.00000004.00000001.sdmp, NEW URGENT ENQUIRY.exe, 00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.485743997.0000000002C11000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
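
The Malware Configuration section gives the exfiltration host and mailbox, and the Networking section above shows the DNS query for that host, the TCP flows to 208.91.199.223:587 and the Snort SID 2030171 alerts. The Python below is an added example, not part of the Joe Sandbox report, that derives network indicators from the extracted configuration and confirms them against the listed traffic events. The event lines are the report's own values with the "Source:" prefix removed; the line grammar, the SMTP port table and the verdict logic are this example's assumptions.

```python
# Added example (not part of the Joe Sandbox report): AgentTesla config -> IOCs,
# then correlate the IOCs with the traffic events the sandbox recorded.
import json
import re

# Extracted configuration, verbatim from the report.
CONFIG_JSON = ('{"Exfil Mode": "SMTP", "Username": "staffs@globaloffs-site.com", '
               '"Password": "yLxCDRZ2", "Host": "smtp.globaloffs-site.com"}')

# Traffic events copied from the Networking section ("Source:" prefix removed).
EVENTS = [
    "Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.3:49740 -> 208.91.199.223:587",
    "Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.3:49741 -> 208.91.199.223:587",
    "TCP traffic: 192.168.2.3:49740 -> 208.91.199.223:587",
    "DNS traffic detected: queries for: smtp.globaloffs-site.com",
]

# Assumption: the standard SMTP service ports an exfil-by-mail stealer would use.
SMTP_PORTS = {25: "smtp", 465: "smtps", 587: "submission"}

FLOW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")
SNORT_RE = re.compile(r"Snort IDS: (\d+) ")
DNS_RE = re.compile(r"DNS traffic detected: queries for: (\S+)")


def indicators_from_config(config_json):
    """Network IOCs implied by the config. The SMTP password is deliberately
    not returned: it is a credential, not an indicator to share."""
    cfg = json.loads(config_json)
    return {
        "mode": cfg["Exfil Mode"],
        "host": cfg["Host"].lower(),
        "mailbox": cfg["Username"].lower(),
        "mail_domain": cfg["Username"].split("@", 1)[1].lower(),
    }


def correlate(config_json, events):
    """Match the recorded events against the config-derived IOCs.
    Returns DNS match, SMTP flows as (dst_ip, dst_port, service), Snort SIDs,
    destination IPs and an overall exfil verdict."""
    iocs = indicators_from_config(config_json)
    out = {"iocs": iocs, "dns_match": False, "smtp_flows": [],
           "snort_sids": set(), "dst_ips": set()}
    for line in events:
        m = DNS_RE.search(line)
        if m:
            if m.group(1).lower() == iocs["host"]:
                out["dns_match"] = True
            continue
        m = SNORT_RE.search(line)
        if m:
            out["snort_sids"].add(int(m.group(1)))
        f = FLOW_RE.search(line)
        if f:
            dst_ip, dst_port = f.group(3), int(f.group(4))
            out["dst_ips"].add(dst_ip)
            if dst_port in SMTP_PORTS:
                flow = (dst_ip, dst_port, SMTP_PORTS[dst_port])
                if flow not in out["smtp_flows"]:
                    out["smtp_flows"].append(flow)
    # Verdict: config says SMTP, the configured host was resolved, and an SMTP
    # flow was actually seen. The report shows no A record, so the DNS name and
    # the destination IP are matched independently rather than linked.
    out["exfil_confirmed"] = (iocs["mode"] == "SMTP" and out["dns_match"]
                              and bool(out["smtp_flows"]))
    return out


if __name__ == "__main__":
    result = correlate(CONFIG_JSON, EVENTS)
    print("IOCs:", result["iocs"])
    print("SMTP flows:", result["smtp_flows"], "Snort SIDs:", result["snort_sids"])
    print("exfil confirmed:", result["exfil_confirmed"])
```

Blocking smtp.globaloffs-site.com and 208.91.199.223 covers this sample; the mailbox staffs@globaloffs-site.com and the sender domain are the indicators that survive a host change, which is why they are returned separately.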

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality to register a low level keyboard hook
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_05F30548 SetWindowsHookExW 0000000D,00000000,?,?
Installs a global keyboard hook
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Window created: window name: CLIPBRDWNDCLASS
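
The capture section above records the raw call SetWindowsHookExW with idHook 0x0D, a user hook set with thread id 0, and a window of class CLIPBRDWNDCLASS; the System Summary below records WMI queries against Win32_Processor. The Python below is an added example, not part of the Joe Sandbox report, that decodes those raw behaviour lines into named techniques: 0x0D is WH_KEYBOARD_LL, thread id 0 makes the hook global, CLIPBRDWNDCLASS is the clipboard-viewer window class, and Win32_Processor is one of the WMI classes used to fingerprint virtual machines. The evidence lines are the report's own values; the hook-id table follows winuser.h, while the list of VM-fingerprint classes, the technique names and the line grammar are this example's assumptions.

```python
# Added example (not part of the Joe Sandbox report): decode SetWindowsHookEx,
# user-hook, window-class and WMI behaviour lines into technique tags.
import re

# idHook values for SetWindowsHookEx (winuser.h).
WH_NAMES = {
    -1: "WH_MSGFILTER", 0: "WH_JOURNALRECORD", 1: "WH_JOURNALPLAYBACK",
    2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 4: "WH_CALLWNDPROC", 5: "WH_CBT",
    6: "WH_SYSMSGFILTER", 7: "WH_MOUSE", 8: "WH_HARDWARE", 9: "WH_DEBUG",
    10: "WH_SHELL", 11: "WH_FOREGROUNDIDLE", 12: "WH_CALLWNDPROCRET",
    13: "WH_KEYBOARD_LL", 14: "WH_MOUSE_LL",
}
# Hooks that deliver keystrokes or input messages to the hooking process.
INPUT_CAPTURE_HOOKS = {"WH_KEYBOARD", "WH_KEYBOARD_LL", "WH_MOUSE_LL",
                       "WH_JOURNALRECORD", "WH_GETMESSAGE"}
# Assumption: WMI classes commonly read to fingerprint a VM or sandbox.
VM_FINGERPRINT_CLASSES = {"win32_processor", "win32_bios", "win32_baseboard",
                          "win32_networkadapter", "win32_computersystem",
                          "win32_diskdrive", "win32_videocontroller"}

HEX = r"([0-9A-Fa-f]{8}|\?)"
HOOK_RE = re.compile(r"SetWindowsHookEx[AW]?\s+([0-9A-Fa-f]{8})," + HEX + "," + HEX + "," + HEX)
USER_HOOK_RE = re.compile(r"Windows user hook set: (\d+) ([a-z ]+?)\s+[A-Za-z]:\\")
WMI_RE = re.compile(r"WMI Queries: IWbemServices::(\w+) - (\S+) : (.+)$")
WINDOW_RE = re.compile(r"Window created: window name: (\S+)")


def decode_hook(arg_hex):
    """Map the 32-bit idHook argument as printed by the sandbox to its name,
    treating 0xFFFFFFFF as the signed value -1 (WH_MSGFILTER)."""
    v = int(arg_hex, 16)
    if v >= 0x80000000:
        v -= 0x100000000
    return WH_NAMES.get(v, f"unknown({v})")


def triage(lines):
    """Return {technique: [evidence, ...]} for the given behaviour lines."""
    findings = {}

    def add(tech, evidence):
        findings.setdefault(tech, []).append(evidence)

    for line in lines:
        m = HOOK_RE.search(line)
        if m:
            name = decode_hook(m.group(1))
            tid = m.group(4)                      # dwThreadId: 0 means all threads
            if tid == "?":
                scope = "dwThreadId unknown"
            elif int(tid, 16) == 0:
                scope = "global (dwThreadId 0)"
            else:
                scope = f"thread {int(tid, 16)}"
            tech = "input-capture-hook" if name in INPUT_CAPTURE_HOOKS else "window-hook"
            add(tech, f"{name} ({scope})")
            continue
        m = USER_HOOK_RE.search(line)
        if m:
            tid = int(m.group(1))
            where = "global (thread 0)" if tid == 0 else f"thread {tid}"
            add("input-capture-hook", f"{m.group(2)} hook, {where}")
            continue
        m = WMI_RE.search(line)
        if m:
            cls = re.search(r"(Win32_\w+)", m.group(3), re.I)
            cls_name = cls.group(1).lower() if cls else m.group(3).lower()
            tech = "vm-fingerprint-wmi" if cls_name in VM_FINGERPRINT_CLASSES else "wmi-query"
            add(tech, f"{m.group(1)} {cls_name}")
            continue
        m = WINDOW_RE.search(line)
        if m and m.group(1).upper() == "CLIPBRDWNDCLASS":
            add("clipboard-capture", m.group(1))
    return findings


# Evidence lines copied from the report ("Source:" prefix removed).
REPORT_LINES = [
    "Code function: 2_2_05F30548 SetWindowsHookExW 0000000D,00000000,?,?",
    r"Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe",
    "Window created: window name: CLIPBRDWNDCLASS",
    r"WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor",
    r"WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor",
]

if __name__ == "__main__":
    for tech, evidence in triage(REPORT_LINES).items():
        print(tech, "<-", "; ".join(evidence))
```

The static call site only shows the hook id; the thread argument is unresolved ("?"), so the global scope comes from the separate "user hook set" behaviour line, which is why both lines are kept as evidence.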

System Summary:

.NET source code contains very large array initializations
Source: 2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack, <PrivateImplementationDetails>{EEF7DB11-6E24-4341-AE73-2F4D50EEAB51}/92C65D43-D276-47C4-933F-83968019CB33.cs | Large array initialization: .cctor: array initializer size 12004
Source: 2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack, <PrivateImplementationDetails>{EEF7DB11-6E24-4341-AE73-2F4D50EEAB51}/92C65D43-D276-47C4-933F-83968019CB33.cs | Large array initialization: .cctor: array initializer size 12004
Initial sample is a PE file and has a suspicious name
Source: initial sample | Static PE information: Filename: NEW URGENT ENQUIRY.exe
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 0_2_02D3C2B0
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 0_2_02D399A0
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_3_0106F777
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009C5CA0
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009C3058
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009CCAF0
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009C7AE4
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009C1E08
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009C9F18
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009CCF28
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009C1D68
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009C0F10
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_009C1760
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_05F3DC58
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_05F3C170
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_00702050
Source: NEW URGENT ENQUIRY.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: NEW URGENT ENQUIRY.exe | Binary or memory string: OriginalFilename vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.262641479.00000000083E0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameKygo.dll* vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.262569724.0000000008350000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256781458.0000000003DE1000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameOZWuzhPLWfsNQXODEJoJsAO.exe4 vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256781458.0000000003DE1000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.254338028.0000000000A26000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameCultureNotFoundException.exe6 vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe, 00000002.00000000.247338142.00000000007C6000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameCultureNotFoundException.exe6 vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameOZWuzhPLWfsNQXODEJoJsAO.exe4 vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.482424362.0000000000CF8000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe | Binary or memory string: OriginalFilenameCultureNotFoundException.exe6 vs NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: 2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack, A/b2.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack, A/b2.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/2@2/2
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW URGENT ENQUIRY.exe.log
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
Source: NEW URGENT ENQUIRY.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File read: C:\Windows\System32\drivers\etc\hosts (3 times)
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;;
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
Source: NEW URGENT ENQUIRY.exe | Virustotal: Detection: 17%
Source: NEW URGENT ENQUIRY.exe | ReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File read: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe:Zone.Identifier
Source: unknown | Process created: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe 'C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe'
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Process created: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: NEW URGENT ENQUIRY.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: NEW URGENT ENQUIRY.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: NEW URGENT ENQUIRY.exe | Static file information: File size 1549824 > 1048576
Source: NEW URGENT ENQUIRY.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x151e00
Source: NEW URGENT ENQUIRY.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: NEW URGENT ENQUIRY.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: NEW URGENT ENQUIRY.exe | Binary string: C:\Users\Administrator\Desktop\Client\Temp\SfoRqJOtzx\src\obj\Debug\CultureNotFoundException.pdb
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 0_2_009673C3 push 0000006Fh; ret 0_2_009673CE
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 0_2_009667F4 push es; ret 0_2_009667FC
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_3_0106CB34 push esp; retf 2_3_0106CB35
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_3_01077341 push ss; ret 2_3_01077342
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_3_0107A374 push ss; ret 2_3_0107A391
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_007067F2 push es; ret 2_2_007067FC
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Code function: 2_2_007073C3 push 0000006Fh; ret 2_2_007073CE
Source: initial sample | Static PE information: section name: .text entropy: 7.39671386262

                      Hooking and other Techniques for Hiding and Protection:

                      Moves itself to temp directory
                      Source: c:\users\user\desktop\new urgent enquiry.exe | File moved: C:\Users\user\AppData\Local\Temp\tmpG263.tmp
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      Yara detected AntiVM3
                      Source: Yara match | File source: 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: NEW URGENT ENQUIRY.exe PID: 6068, type: MEMORY
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: WINE_GET_UNIX_FILE_NAME
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 240000
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 239859
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 239750
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 239640
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 239500
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 239390
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 239265
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 239125
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 238984
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 238875
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 238750
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 238625
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 238484
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 238375
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 238250
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 238140
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 238031
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 237922
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 237500
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 237359
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 237234
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 237125
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 237015
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 236875
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 236750
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 236578
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 236437
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 236328
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 236219
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 236109
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 235984
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 235844
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 235687
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 235578
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 235422
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 235297
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 235172
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 235000
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 234875
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 234750
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 234609
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 234484
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 234344
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 234234
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 234109
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 233953
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 233844
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 233734
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 233625
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 233515
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 233390
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 233265
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 233140
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 233015
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 232906
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 232750
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 232625
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 232515
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 232375
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 232265
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 232140
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 231969
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 231859
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 231750
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 231625
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 231515
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 231406
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 231281
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 231156
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 231047
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 230906
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 230781
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 230640
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 230500
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 230390
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 230250
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 230094
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 229937
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 229828
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 229719
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 229578
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 229469
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 229344
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 229219
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 229094
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 228984
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 228859
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 228750
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 228625
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 228515
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 228406
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 228250
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 228125
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 228015
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 227875
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 227656
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 227531
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 227422
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 227312
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 227203
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 227094
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Thread delayed: delay time: 226344
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Window / User API: threadDelayed 2916
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Window / User API: threadDelayed 3746
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Window / User API: threadDelayed 5042
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Window / User API: threadDelayed 4764
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -6456360425798339s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -240000s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -239859s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -239750s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -239640s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -239500s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -239390s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -239265s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -239125s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -238984s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -238875s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -238750s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -238625s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -238484s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -238375s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -238250s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -238140s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -238031s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -237922s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -237500s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -237359s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -237234s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -237125s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -237015s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168 | Thread sleep time: -236875s >= -30000s
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -236750s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -236578s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -236437s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -236328s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -236219s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -236109s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -235984s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -235844s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -235687s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -235578s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -235422s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -235297s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -235172s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -235000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -234875s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -234750s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -234609s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -234484s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -234344s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -234234s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -234109s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -233953s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -233844s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -233734s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -233625s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -233515s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -233390s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -233265s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -233140s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -233015s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -232906s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -232750s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -232625s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -232515s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -232375s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -232265s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -232140s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -231969s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -231859s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -231750s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -231625s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -231515s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -231406s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -231281s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -231156s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -231047s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -230906s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -230781s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -230640s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -230500s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -230390s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -230250s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -230094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -229937s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -229828s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -229719s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -229578s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -229469s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -229344s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -229219s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 5504Thread sleep time: -101713s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -229094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -228984s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -228859s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -228750s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -228625s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -228515s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -228406s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -228250s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -228125s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -228015s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -227875s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -227656s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -227531s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -227422s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -227312s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -227203s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -227094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 2168Thread sleep time: -226344s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 5624Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 5820Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 3632Thread sleep time: -18446744073709540s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 3144Thread sleep count: 5042 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe TID: 3144Thread sleep count: 4764 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 240000Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 239859Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 239750Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 239640Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 239500Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 239390Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 239265Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 239125Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 238984Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 238875Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 238750Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 238625Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 238484Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 238375Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 238250Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 238140Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 238031Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 237922Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 237500Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 237359Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 237234Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 237125Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 237015Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 236875Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 236750Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 236578Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 236437Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 236328Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 236219Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 236109Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 235984Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 235844Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 235687Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 235578Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 235422Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 235297Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 235172Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 235000Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 234875Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 234750Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 234609Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 234484Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 234344Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 234234Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 234109Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 233953Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 233844Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 233734Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 233625Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 233515Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 233390Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 233265Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 233140Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 233015Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 232906Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 232750Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 232625Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 232515Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 232375Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 232265Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 232140Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 231969Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 231859Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 231750Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 231625Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 231515Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 231406Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 231281Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 231156Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 231047Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 230906Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 230781Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 230640Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 230500Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 230390Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 230250Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 230094Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 229937Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 229828Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 229719Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 229578Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 229469Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 229344Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 229219Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 101713Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 229094Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 228984Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 228859Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 228750Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 228625Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 228515Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 228406Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 228250Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 228125Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 228015Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 227875Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 227656Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 227531Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 227422Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 227312Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 227203Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 227094Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 226344Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmpBinary or memory string: vmware
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
                      Source: NEW URGENT ENQUIRY.exeBinary or memory string: Hyper-V RAW
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmpBinary or memory string: VMWARE
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
                      Source: NEW URGENT ENQUIRY.exe, 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                      Source: NEW URGENT ENQUIRY.exe, 00000002.00000003.478784358.0000000001084000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeCode function: 2_2_009C3058 LdrInitializeThunk,2_2_009C3058
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeMemory allocated: page read and write | page guardJump to behavior

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign process
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Memory written: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Process created: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.485008837.0000000001460000.00000002.00000001.sdmp | Binary or memory string: Program Manager
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.485008837.0000000001460000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.485008837.0000000001460000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: NEW URGENT ENQUIRY.exe, 00000002.00000002.485008837.0000000001460000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected AgentTesla
Source: Yara match | File source: 00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000000.248827227.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.256781458.0000000003DE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.NEW URGENT ENQUIRY.exe.3e911b0.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.NEW URGENT ENQUIRY.exe.3e911b0.2.raw.unpack, type: UNPACKEDPE

Yara detected AgentTesla
Source: Yara match | File source: 00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000000.248827227.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.256781458.0000000003DE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: NEW URGENT ENQUIRY.exe PID: 6068, type: MEMORY
Source: Yara match | File source: Process Memory Space: NEW URGENT ENQUIRY.exe PID: 996, type: MEMORY
Source: Yara match | File source: 2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.NEW URGENT ENQUIRY.exe.3e911b0.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.NEW URGENT ENQUIRY.exe.3e911b0.2.raw.unpack, type: UNPACKEDPE

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Mail credentials (via file access)
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: Yara match | File source: 00000002.00000002.485743997.0000000002C11000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: NEW URGENT ENQUIRY.exe PID: 996, type: MEMORY

Remote Access Functionality:

Yara detected AgentTesla
Source: Yara match | File source: 00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000000.248827227.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.256781458.0000000003DE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.NEW URGENT ENQUIRY.exe.3e911b0.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.NEW URGENT ENQUIRY.exe.3e911b0.2.raw.unpack, type: UNPACKEDPE

Yara detected AgentTesla
Source: Yara match | File source: 00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000000.248827227.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.256781458.0000000003DE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: NEW URGENT ENQUIRY.exe PID: 6068, type: MEMORY
Source: Yara match | File source: Process Memory Space: NEW URGENT ENQUIRY.exe PID: 996, type: MEMORY
Source: Yara match | File source: 2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.NEW URGENT ENQUIRY.exe.3e911b0.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.NEW URGENT ENQUIRY.exe.3e911b0.2.raw.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation (2 1 1) | Path Interception | Process Injection (1 1 2) | Masquerading (1 1) | OS Credential Dumping (2) | Query Registry (1) | Remote Services | Email Collection (1) | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools (1) | Input Capture (2 1) | Security Software Discovery (2 1 1) | Remote Desktop Protocol | Input Capture (2 1) | Exfiltration Over Bluetooth | Non-Standard Port (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion (1 3 1) | Credentials in Registry (1) | Process Discovery (2) | SMB/Windows Admin Shares | Archive Collected Data (1 1) | Automated Exfiltration | Non-Application Layer Protocol (1) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection (1 1 2) | NTDS | Virtualization/Sandbox Evasion (1 3 1) | Distributed Component Object Model | Data from Local System (2) | Scheduled Transfer | Application Layer Protocol (1 1) | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information (1) | LSA Secrets | Application Window Discovery (1) | SSH | Clipboard Data (1) | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information (2) | Cached Domain Credentials | Remote System Discovery (1) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing (2) | DCSync | System Information Discovery (1 1 4) | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

                      Behavior Graph

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label
                      NEW URGENT ENQUIRY.exe | 17% | Virustotal |
                      NEW URGENT ENQUIRY.exe | 15% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      Source | Detection | Scanner | Label
                      2.0.NEW URGENT ENQUIRY.exe.400000.1.unpack | 100% | Avira | TR/Spy.Gen8
                      2.2.NEW URGENT ENQUIRY.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8

                      Domains

                      Source | Detection | Scanner | Label
                      smtp.globaloffs-site.com | 1% | Virustotal |

                      URLs


                      Domains and IPs

                      Contacted Domains

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      us2.smtp.mailhostbox.com | 208.91.199.223 | true | false | | high
                      smtp.globaloffs-site.com | unknown | unknown | true | | unknown

                        URLs from Memory and Binaries


                                                  Contacted IPs

                                                  Public

IP: 208.91.199.223
Domain: us2.smtp.mailhostbox.com
Country: United States
ASN: 394695
ASN Name: PUBLIC-DOMAIN-REGISTRYUS
Malicious: false

                                                  Private

                                                  IP
                                                  192.168.2.1

                                                  General Information

                                                  Joe Sandbox Version:32.0.0 Black Diamond
                                                  Analysis ID:433269
                                                  Start date:11.06.2021
                                                  Start time:15:02:22
                                                  Joe Sandbox Product:CloudBasic
                                                  Overall analysis duration:0h 10m 5s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Sample file name:NEW URGENT ENQUIRY.exe
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:23
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • HDC enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Detection:MAL
                                                  Classification:mal100.troj.spyw.evad.winEXE@3/2@2/2
                                                  EGA Information:Failed
                                                  HDC Information:
                                                  • Successful, ratio: 0% (good quality ratio 0%)
                                                  • Quality average: 45.2%
                                                  • Quality standard deviation: 37%
                                                  HCA Information:
                                                  • Successful, ratio: 100%
                                                  • Number of executed functions: 32
                                                  • Number of non-executed functions: 3
                                                  Cookbook Comments:
                                                  • Adjust boot time
                                                  • Enable AMSI
                                                  • Found application associated with file extension: .exe
                                                  Warnings:
                                                  • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                  • Excluded IPs from analysis (whitelisted): 92.122.145.220, 13.64.90.137, 168.61.161.212, 184.30.20.56, 20.50.102.62, 8.241.82.126, 8.238.36.126, 8.238.30.254, 8.238.29.126, 8.238.27.126, 20.54.26.129, 92.122.213.247, 92.122.213.194, 20.82.209.183
                                                  • Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, ris-prod.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                  Simulations

                                                  Behavior and APIs

Time: 15:03:19
Type: API Interceptor
Description: 790x Sleep call for process: NEW URGENT ENQUIRY.exe modified

                                                  Joe Sandbox View / Context

                                                  IPs

Match: 208.91.199.223
Associated Sample Name / URL (all detected as malicious):
• KC8ZMn81JC.exe
• Factura PO 1541973.exe
• SAUDI ARAMCO Tender Documents - BOQ and ITB.exe
• 0PyeqVfoHGFVl2r.exe
• Urgent Contract Order GH78566484,pdf.exe
• ekrrUChjXvng9Vr.exe
• order 4806125050.xlsx
• BP4w3lADAPfOKmI.exe
• PO -TXGU5022187.xlsx
• FXDmHIiz25.exe
• Urgent Contract Order GH7856648,pdf.exe
• 003BC09180600189.exe
• SecuriteInfo.com.Scr.Malcodegdn30.30554.exe
• MOQ FOB ORDER_________.exe
• YR1eBxhF96.exe
• Quote SEQTE00311701.xlsx
• sqQyO37l3c.exe
• Urgent RFQ_AP65425652_032421,pdf.exe
• INVOICE FOR PAYMENT_pdf____________________________________________.exe
• MOQ FOB ORDER.exe

                                                                                          Domains

Match: us2.smtp.mailhostbox.com
Associated Sample Name / URL, Detection; Context (IP):
• Recibo de banco.exe, malicious; context: 208.91.198.143
• KC8ZMn81JC.exe, malicious; context: 208.91.199.224
• Factura PO 1541973.exe, malicious; context: 208.91.199.223
• Urgent Contract Order GH7856648,pdf.exe, malicious; context: 208.91.198.143
• NEW ORDER 112888#.exe, malicious; context: 208.91.199.224
• SAUDI ARAMCO Tender Documents - BOQ and ITB.exe, malicious; context: 208.91.199.223
• 0PyeqVfoHGFVl2r.exe, malicious; context: 208.91.199.223
• SecuriteInfo.com.MachineLearning.Anomalous.97.15449.exe, malicious; context: 208.91.198.143
• lFccIK78FD.exe, malicious; context: 208.91.198.143
• Urgent Contract Order GH78566484,pdf.exe, malicious; context: 208.91.199.225
• MOQ FOB ORDER.exe, malicious; context: 208.91.199.225
• JK6Ul6IKioPWJ6Y.exe, malicious; context: 208.91.198.143
• ekrrUChjXvng9Vr.exe, malicious; context: 208.91.199.223
• SecuriteInfo.com.Trojan.PackedNET.832.15445.exe, malicious; context: 208.91.198.143
• order 4806125050.xlsx, malicious; context: 208.91.198.143
• SecuriteInfo.com.Trojan.PackedNET.831.28325.exe, malicious; context: 208.91.199.225
• G8mumaTxk5kFdBG.exe, malicious; context: 208.91.198.143
• Trial order 20210609.exe, malicious; context: 208.91.199.224
• BP4w3lADAPfOKmI.exe, malicious; context: 208.91.199.223
• 4It7P3KCyYHUWHU.exe, malicious; context: 208.91.199.225

                                                                                          ASN

Match: PUBLIC-DOMAIN-REGISTRYUS
Associated Sample Name / URL, Detection; Context (IP):
• Recibo de banco.exe, malicious; context: 208.91.198.143
• KC8ZMn81JC.exe, malicious; context: 208.91.199.224
• audit-1133808478.xlsb, malicious; context: 43.225.55.182
• Factura PO 1541973.exe, malicious; context: 208.91.199.223
• Urgent Contract Order GH7856648,pdf.exe, malicious; context: 208.91.198.143
• NEW ORDER 112888#.exe, malicious; context: 208.91.199.224
• oRSxZhDFLi.exe, malicious; context: 208.91.199.225
• SAUDI ARAMCO Tender Documents - BOQ and ITB.exe, malicious; context: 208.91.199.223
• 0PyeqVfoHGFVl2r.exe, malicious; context: 208.91.199.223
• #U260e#Ufe0f Zeppelin.com AudioMessage_259-55.HTM, malicious; context: 207.174.212.247
• SecuriteInfo.com.MachineLearning.Anomalous.97.15449.exe, malicious; context: 208.91.198.143
• lFccIK78FD.exe, malicious; context: 208.91.198.143
• Order10 06 2021.doc, malicious; context: 162.215.241.145
• PO187439.exe, malicious; context: 119.18.54.126
• Urgent Contract Order GH78566484,pdf.exe, malicious; context: 208.91.199.223
• MOQ FOB ORDER.exe, malicious; context: 208.91.199.225
• JK6Ul6IKioPWJ6Y.exe, malicious; context: 208.91.198.143
• ekrrUChjXvng9Vr.exe, malicious; context: 208.91.199.223
• SecuriteInfo.com.Trojan.PackedNET.832.15445.exe, malicious; context: 208.91.198.143
• order 4806125050.xlsx, malicious; context: 208.91.199.223

                                                                                          JA3 Fingerprints

                                                                                          No context

                                                                                          Dropped Files

                                                                                          No context

                                                                                          Created / dropped Files

                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW URGENT ENQUIRY.exe.log
                                                                                          Process:C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):1400
                                                                                          Entropy (8bit):5.344635889251176
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEg:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHV
                                                                                          MD5:394E646B019FF472CE37EE76A647A27F
                                                                                          SHA1:BD5872D88EE9CD2299B5F0E462C53D9E7040D6DA
                                                                                          SHA-256:2295A0B1F6ACD75FB5D038ADE65725EDF3DDF076107AEA93E4A864E35974AE2A
                                                                                          SHA-512:7E95510C85262998AECC9A06A73A5BF6352304AF6EE143EC7E48A17473773F33A96A2F4146446444789B8BCC9B83372A227DC89C3D326A2E142BCA1E1A9B4809
                                                                                          Malicious:true
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                                                          C:\Users\user\AppData\Roaming\3d4kzwat.thm\Chrome\Default\Cookies
                                                                                          Process:C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.6970840431455908
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                          MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                          SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                          SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                          SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                          Malicious:false
                                                                                          Reputation:high, very likely benign file
                                                                                          Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                          Static File Info

                                                                                          General

                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Entropy (8bit):7.306874188608789
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                          File name:NEW URGENT ENQUIRY.exe
                                                                                          File size:1549824
                                                                                          MD5:151ec82864cc859f03be0cb572f30357
                                                                                          SHA1:b93f14d8b0eb8e0c12da8e8d4afcd9048a8228a2
                                                                                          SHA256:1d5221667b8424ccbc7ecc85a7067dc264ac31ff97dfee76a080b7280b60d1e2
                                                                                          SHA512:e44b05ec9123ee154f442c99701d5f782e41fac6761d8f3342d93303c325bbf56ef8c2c1437d6f187b2c7e1f92a71da1072d204b018f91abf8f780134b575a14
                                                                                          SSDEEP:24576:+fuNeBUdtwsEgwsAe/z8YEoqSg5LlJfHKdofUA125kuV3MM1zMIDsxTt8gYcL:yuwBUwsEgwsAe5U/BldqdosA125BIYcL
                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............P..............<... ...@....@.. ....................................@................................

                                                                                          File Icon

                                                                                          Icon Hash:e0c6a169f4bed870

                                                                                          Static PE Info

                                                                                          General

                                                                                          Entrypoint:0x553cba
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                          Time Stamp:0x60C3192E [Fri Jun 11 08:05:02 2021 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:v4.0.30319
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]   ; standard .NET native stub: indirect jump through the IAT entry at 0x402000 (IAT RVA 0x2000 in Data Directories), which resolves to mscoree.dll!_CorExeMain, the sample's only native import
add byte ptr [eax], al      ; the rest of the preview is zero padding (00 00), which disassembles as this instruction repeated; the managed code is reached via the CLR header, not from here

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x153c68         0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x154000         0x2837c       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x17e000         0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x153b30         0x1c          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
.text   0x2000           0x151cc0      0x151e00  False     0.698621179014   data       7.39671386262   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x154000         0x2837c       0x28400   False     0.599864130435   data       6.35305378662   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x17e000         0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

The .text section is about 1.3 MB (0x151cc0 bytes) with an entropy of 7.40 bits per byte, close to the 8.0 maximum. Compiled CIL does not look like that; most of the section is compressed or encrypted data, which matches the "very large array initializations" signature: the next-stage payload is carried inside the assembly as an obfuscated byte array.

Resources

Name           RVA       Size     Type                                                                                                                          Language  Country
RT_ICON        0x1541a0  0x468    GLS_BINARY_LSB_FIRST
RT_ICON        0x154618  0x10a8   dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
RT_ICON        0x1556d0  0x25a8   dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
RT_ICON        0x157c88  0x4228   dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON        0x15bec0  0x10828  dBase III DBT, version number 0, next free block index 40
RT_ICON        0x16c6f8  0xf255   PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON  0x17b960  0x5a     data
RT_VERSION     0x17b9cc  0x3be    data
RT_MANIFEST    0x17bd9c  0x5da    XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

The Type column is libmagic's guess at the raw resource bytes. The "dBase" and "GLS_BINARY" labels on the RT_ICON entries are false matches on icon bitmap headers, not embedded database files; only the 256 x 256 PNG icon is identified correctly.

Imports

DLL          Import
mscoree.dll  _CorExeMain
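
The two static indicators in the Sections and Imports tables above can be reproduced without the sandbox. The script below is an added example, not Joe Sandbox code: it computes per-section Shannon entropy and the import hash in the pefile/VirusTotal convention on byte buffers constructed in-process, so it runs offline. The entropy thresholds in classify_section are the author's own triage heuristics, and the packed .text stand-in is a deterministic pseudo-random buffer rather than the sample's real section.

```python
"""Reproduce two static indicators from the report (section entropy and
import hash) on constructed input. Added example, not Joe Sandbox code;
the byte buffers are built in-process so it runs offline, and the
thresholds in classify_section are the author's own triage heuristics."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_section(entropy: float, executable: bool) -> str:
    """Triage rule (assumed thresholds): compiled native or CIL code usually
    lands around 6.0-6.8 bits/byte; anything above ~7.2 is mostly compressed
    or encrypted bytes. In an *executable* section that means a packer stub
    or an embedded, obfuscated payload."""
    if entropy > 7.2:
        return ("suspicious: executable section is mostly packed/encrypted data"
                if executable else "high entropy: compressed/encrypted data")
    return "normal"


_IMPHASH_EXTS = (".dll", ".ocx", ".sys")


def imphash(imports: list[tuple[str, str]]) -> str:
    """Import hash in the pefile/VirusTotal convention for named imports:
    'module.function' pairs, lower-cased, module without .dll/.ocx/.sys,
    joined with commas in import-table order, then MD5. Ordinal imports
    (which pefile maps to 'ordN' or a known name) are left out here."""
    parts = []
    for dll, func in imports:
        mod = dll.lower()
        for ext in _IMPHASH_EXTS:
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
                break
        parts.append(f"{mod}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed stand-ins for section contents: a deterministic pseudo-random
# 4 KiB buffer (SHA-256 digests) for a packed .text, and the zero-filled
# 0x200-byte .reloc page the sample actually ships.
PACKED_TEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
EMPTY_RELOC = b"\x00" * 0x200

SECTIONS = [  # (name, contents, IMAGE_SCN_MEM_EXECUTE set?)
    (".text", PACKED_TEXT, True),
    (".reloc", EMPTY_RELOC, False),
]


def triage(sections=SECTIONS) -> list[tuple[str, float, str]]:
    """Entropy and verdict per section, in the order given."""
    out = []
    for name, data, executable in sections:
        ent = shannon_entropy(data)
        out.append((name, round(ent, 3), classify_section(ent, executable)))
    return out


if __name__ == "__main__":
    for name, ent, verdict in triage():
        print(f"{name:<7} entropy={ent:5.3f}  {verdict}")
    # The sample's only native import, as in the Imports table.
    print("imphash:", imphash([("mscoree.dll", "_CorExeMain")]))
```

Run against a real file, the same functions apply to pefile's section.get_data() and DIRECTORY_ENTRY_IMPORT; the point of the imphash check is that a single mscoree.dll!_CorExeMain import always yields the same hash, so a match on it says "managed executable" and nothing more.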

Version Infos

Description       Data
Translation       0x0000 0x04b0
LegalCopyright    Copyright 2015 Benz
Assembly Version  1.6.0.65
InternalName      CultureNotFoundException.exe
FileVersion       1.6.0.65
CompanyName       Town and Country Convenience Stores
LegalTrademarks
Comments
ProductName       CDWorkFlow
ProductVersion    1.6.0.65
FileDescription   CDWorkFlow
OriginalFilename  CultureNotFoundException.exe

Network Behavior

Snort IDS Alerts

Timestamp                 Protocol  SID      Message                              Source Port  Dest Port  Source IP    Dest IP
06/11/21-15:05:19.130058  TCP       2030171  ET TROJAN AgentTesla Exfil Via SMTP  49740        587        192.168.2.3  208.91.199.223
06/11/21-15:05:22.400224  TCP       2030171  ET TROJAN AgentTesla Exfil Via SMTP  49741        587        192.168.2.3  208.91.199.223

Port 587 is the standard SMTP submission port, so the destination alone is not anomalous; the indicator is a non-mail process sending there. Both alert timestamps line up with bursts of client-to-server segments in the TCP packet list below, i.e. the phase of each session in which the message body is transmitted.

Network Port Distribution

TCP Packets

Timestamp                             Source Port  Dest Port  Source IP       Dest IP
Jun 11, 2021 15:05:16.702770948 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:16.879175901 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:16.879373074 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:17.407032013 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:17.447096109 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:17.576631069 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:17.753098011 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:17.753143072 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:17.756095886 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:17.933439970 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:17.935045004 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:18.113620043 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:18.125082016 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:18.304600954 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:18.353404999 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:18.759105921 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:18.949807882 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:18.950215101 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:19.126883030 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:19.130058050 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:19.130206108 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:19.130265951 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:19.130342007 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:19.306461096 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:19.306489944 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:19.406755924 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:19.447290897 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:20.774704933 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:20.953493118 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:20.953521967 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:20.954680920 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:20.954747915 CEST  49740        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:20.955265045 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:21.131170034 CEST  587          49740      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:21.131198883 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:21.131325006 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:21.310415030 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:21.314012051 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:21.490053892 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:21.490082026 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:21.491157055 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:21.667876959 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:21.668116093 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:21.847563982 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:21.848362923 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.027477026 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:22.030374050 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.221380949 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:22.222388029 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.398606062 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:22.400203943 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.400223970 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.400324106 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.400331020 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.400333881 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.400341988 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.400399923 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.400413990 CEST  49741        587        192.168.2.3     208.91.199.223
Jun 11, 2021 15:05:22.576199055 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:22.576225042 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:22.576234102 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:22.676768064 CEST  587          49741      208.91.199.223  192.168.2.3
Jun 11, 2021 15:05:22.728996992 CEST  49741        587        192.168.2.3     208.91.199.223
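
A packet list like the one above is easier to reason about once it is folded back into sessions. The script below is an added example, not Joe Sandbox code: it rebuilds bidirectional TCP flows from rows in the report's layout and flags internal-to-external connections on mail ports, which is the pattern the ET TROJAN AgentTesla Exfil Via SMTP alerts above describe. The rows are a handful copied from the table above plus one constructed benign HTTPS flow to 203.0.113.10 (TEST-NET-3) for contrast; the "internal" prefixes and the mail-port list are the author's assumptions for a lab network.

```python
"""Rebuild TCP sessions from a packet list in the report's layout and flag
outbound mail-submission traffic. Added example, not Joe Sandbox code: the
rows are copied from the report's TCP table plus one constructed benign
HTTPS flow to 203.0.113.10 (TEST-NET-3); INTERNAL and MAIL_PORTS are the
author's assumptions for a lab network."""
from dataclasses import dataclass
from datetime import datetime, timedelta

MAIL_PORTS = {25, 465, 587}                 # SMTP, SMTPS, submission
INTERNAL = ("10.", "192.168.", "172.16.")   # lab ranges; widen for real estates

ROWS = """\
Jun 11, 2021 15:05:16.702770948 CEST 49740 587 192.168.2.3 208.91.199.223
Jun 11, 2021 15:05:16.879175901 CEST 587 49740 208.91.199.223 192.168.2.3
Jun 11, 2021 15:05:19.130058050 CEST 49740 587 192.168.2.3 208.91.199.223
Jun 11, 2021 15:05:19.306461096 CEST 587 49740 208.91.199.223 192.168.2.3
Jun 11, 2021 15:05:20.955265045 CEST 49741 587 192.168.2.3 208.91.199.223
Jun 11, 2021 15:05:21.131198883 CEST 587 49741 208.91.199.223 192.168.2.3
Jun 11, 2021 15:05:22.400203943 CEST 49741 587 192.168.2.3 208.91.199.223
Jun 11, 2021 15:05:22.728996992 CEST 49741 587 192.168.2.3 208.91.199.223
Jun 11, 2021 15:05:30.000000000 CEST 49750 443 192.168.2.3 203.0.113.10
Jun 11, 2021 15:05:30.100000000 CEST 443 49750 203.0.113.10 192.168.2.3
"""


@dataclass
class Flow:
    client: tuple[str, int]
    server: tuple[str, int]
    first: datetime
    last: datetime
    out_pkts: int = 0   # client -> server
    in_pkts: int = 0    # server -> client

    @property
    def duration(self) -> timedelta:
        return self.last - self.first


def parse_ts(text: str) -> datetime:
    """'Jun 11, 2021 15:05:16.702770948' -> datetime. The nanosecond field is
    cut to microseconds, which is all datetime can represent."""
    head, frac = text.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def build_flows(rows: str) -> dict:
    """Group packets into bidirectional flows keyed by (client, server).
    The endpoint with the higher port number is taken as the client
    (ephemeral port), which holds for client/server protocols like SMTP
    and HTTPS."""
    flows: dict = {}
    for line in rows.strip().splitlines():
        ts_text, _tz, sport, dport, src, dst = line.rsplit(" ", 5)
        ts, sport, dport = parse_ts(ts_text), int(sport), int(dport)
        if sport > dport:
            client, server, outbound = (src, sport), (dst, dport), True
        else:
            client, server, outbound = (dst, dport), (src, sport), False
        flow = flows.setdefault((client, server), Flow(client, server, ts, ts))
        flow.first, flow.last = min(flow.first, ts), max(flow.last, ts)
        if outbound:
            flow.out_pkts += 1
        else:
            flow.in_pkts += 1
    return flows


def suspicious_mail_flows(flows: dict) -> list:
    """Internal client -> external server on a mail port, oldest first.
    Port 587 by itself is legitimate submission traffic; it becomes an
    exfiltration indicator when the sending process is not a mail client,
    which is what the AgentTesla SMTP signature keys on."""
    hits = [f for (client, server), f in flows.items()
            if server[1] in MAIL_PORTS
            and client[0].startswith(INTERNAL)
            and not server[0].startswith(INTERNAL)]
    return sorted(hits, key=lambda f: f.first)


if __name__ == "__main__":
    for f in suspicious_mail_flows(build_flows(ROWS)):
        print(f"{f.client[0]}:{f.client[1]} -> {f.server[0]}:{f.server[1]}  "
              f"out={f.out_pkts} in={f.in_pkts} {f.duration.total_seconds():.3f}s")
```

On the sample rows this yields the two sessions the Snort alerts refer to (client ports 49740 and 49741, both to 208.91.199.223:587) and leaves the HTTPS flow alone. To pivot from flow to process on a real host, join the client port against the sandbox's per-process socket list or a Sysmon event ID 3 log.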

UDP Packets

Timestamp                             Source Port  Dest Port  Source IP    Dest IP
Jun 11, 2021 15:03:09.897196054 CEST  64938        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:09.959788084 CEST  53           64938      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:10.456557035 CEST  60152        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:10.509562969 CEST  53           60152      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:11.549014091 CEST  57544        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:11.599142075 CEST  53           57544      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:12.474850893 CEST  55984        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:12.524914026 CEST  53           55984      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:13.650135994 CEST  64185        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:13.702147961 CEST  53           64185      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:14.663593054 CEST  65110        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:14.726950884 CEST  53           65110      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:15.925226927 CEST  58361        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:15.975229025 CEST  53           58361      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:17.442171097 CEST  63492        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:17.496798038 CEST  53           63492      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:18.638406992 CEST  60831        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:18.693517923 CEST  53           60831      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:19.803819895 CEST  60100        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:19.856789112 CEST  53           60100      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:22.071799994 CEST  53195        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:22.121840000 CEST  53           53195      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:23.303778887 CEST  50141        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:23.362693071 CEST  53           50141      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:24.478569031 CEST  53023        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:24.539657116 CEST  53           53023      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:25.628767967 CEST  49563        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:25.679605007 CEST  53           49563      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:26.802371979 CEST  51352        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:26.852597952 CEST  53           51352      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:31.072808981 CEST  59349        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:31.122845888 CEST  53           59349      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:34.590799093 CEST  57084        53         192.168.2.3  8.8.8.8
Jun 11, 2021 15:03:34.642755985 CEST  53           57084      8.8.8.8      192.168.2.3
Jun 11, 2021 15:03:35.772319078 CEST  58823        53         192.168.2.3  8.8.8.8
                                                                                          Jun 11, 2021 15:03:35.824404955 CEST53588238.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:03:40.752521038 CEST5756853192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:03:40.812264919 CEST53575688.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:03:46.559942961 CEST5054053192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:03:46.629012108 CEST53505408.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:04:04.855604887 CEST5436653192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:04:04.907403946 CEST53543668.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:04:20.386693001 CEST5303453192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:04:20.467632055 CEST53530348.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:04:29.106440067 CEST5776253192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:04:29.166707993 CEST53577628.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:04:33.148569107 CEST5543553192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:04:33.208435059 CEST53554358.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:05:04.330729008 CEST5071353192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:05:04.405294895 CEST53507138.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:05:06.608783960 CEST5613253192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:05:06.677804947 CEST53561328.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:05:16.249649048 CEST5898753192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:05:16.455562115 CEST53589878.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 15:05:16.539876938 CEST5657953192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 15:05:16.598628998 CEST53565798.8.8.8192.168.2.3

                                                                                          DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jun 11, 2021 15:05:16.249649048 CEST | 192.168.2.3 | 8.8.8.8 | 0xb219 | Standard query (0) | smtp.globaloffs-site.com | A (IP address) | IN (0x0001)
Jun 11, 2021 15:05:16.539876938 CEST | 192.168.2.3 | 8.8.8.8 | 0xb60a | Standard query (0) | smtp.globaloffs-site.com | A (IP address) | IN (0x0001)

                                                                                          DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jun 11, 2021 15:05:16.455562115 CEST | 8.8.8.8 | 192.168.2.3 | 0xb219 | No error (0) | smtp.globaloffs-site.com | us2.smtp.mailhostbox.com | - | CNAME (Canonical name) | IN (0x0001)
Jun 11, 2021 15:05:16.455562115 CEST | 8.8.8.8 | 192.168.2.3 | 0xb219 | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.199.223 | A (IP address) | IN (0x0001)
Jun 11, 2021 15:05:16.455562115 CEST | 8.8.8.8 | 192.168.2.3 | 0xb219 | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.199.225 | A (IP address) | IN (0x0001)
Jun 11, 2021 15:05:16.455562115 CEST | 8.8.8.8 | 192.168.2.3 | 0xb219 | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.199.224 | A (IP address) | IN (0x0001)
Jun 11, 2021 15:05:16.455562115 CEST | 8.8.8.8 | 192.168.2.3 | 0xb219 | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.198.143 | A (IP address) | IN (0x0001)
Jun 11, 2021 15:05:16.598628998 CEST | 8.8.8.8 | 192.168.2.3 | 0xb60a | No error (0) | smtp.globaloffs-site.com | us2.smtp.mailhostbox.com | - | CNAME (Canonical name) | IN (0x0001)
Jun 11, 2021 15:05:16.598628998 CEST | 8.8.8.8 | 192.168.2.3 | 0xb60a | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.199.223 | A (IP address) | IN (0x0001)
Jun 11, 2021 15:05:16.598628998 CEST | 8.8.8.8 | 192.168.2.3 | 0xb60a | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.199.225 | A (IP address) | IN (0x0001)
Jun 11, 2021 15:05:16.598628998 CEST | 8.8.8.8 | 192.168.2.3 | 0xb60a | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.199.224 | A (IP address) | IN (0x0001)
Jun 11, 2021 15:05:16.598628998 CEST | 8.8.8.8 | 192.168.2.3 | 0xb60a | No error (0) | us2.smtp.mailhostbox.com | - | 208.91.198.143 | A (IP address) | IN (0x0001)

                                                                                          SMTP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Jun 11, 2021 15:05:17.407032013 CEST | 587 | 49740 | 208.91.199.223 | 192.168.2.3 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Jun 11, 2021 15:05:17.576631069 CEST | 49740 | 587 | 192.168.2.3 | 208.91.199.223 | EHLO 878164
Jun 11, 2021 15:05:17.753143072 CEST | 587 | 49740 | 208.91.199.223 | 192.168.2.3 | 250-us2.outbound.mailhostbox.com
    250-PIPELINING
    250-SIZE 41648128
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
Jun 11, 2021 15:05:17.756095886 CEST | 49740 | 587 | 192.168.2.3 | 208.91.199.223 | AUTH login c3RhZmZzQGdsb2JhbG9mZnMtc2l0ZS5jb20=
Jun 11, 2021 15:05:17.933439970 CEST | 587 | 49740 | 208.91.199.223 | 192.168.2.3 | 334 UGFzc3dvcmQ6
Jun 11, 2021 15:05:18.113620043 CEST | 587 | 49740 | 208.91.199.223 | 192.168.2.3 | 235 2.7.0 Authentication successful
Jun 11, 2021 15:05:18.125082016 CEST | 49740 | 587 | 192.168.2.3 | 208.91.199.223 | MAIL FROM:<staffs@globaloffs-site.com>
Jun 11, 2021 15:05:18.304600954 CEST | 587 | 49740 | 208.91.199.223 | 192.168.2.3 | 250 2.1.0 Ok
Jun 11, 2021 15:05:18.759105921 CEST | 49740 | 587 | 192.168.2.3 | 208.91.199.223 | RCPT TO:<staffs@globaloffs-site.com>
Jun 11, 2021 15:05:18.949807882 CEST | 587 | 49740 | 208.91.199.223 | 192.168.2.3 | 250 2.1.5 Ok
Jun 11, 2021 15:05:18.950215101 CEST | 49740 | 587 | 192.168.2.3 | 208.91.199.223 | DATA
Jun 11, 2021 15:05:19.126883030 CEST | 587 | 49740 | 208.91.199.223 | 192.168.2.3 | 354 End data with <CR><LF>.<CR><LF>
Jun 11, 2021 15:05:19.130342007 CEST | 49740 | 587 | 192.168.2.3 | 208.91.199.223 | .
Jun 11, 2021 15:05:19.406755924 CEST | 587 | 49740 | 208.91.199.223 | 192.168.2.3 | 250 2.0.0 Ok: queued as D3BED18547D
Jun 11, 2021 15:05:20.774704933 CEST | 49740 | 587 | 192.168.2.3 | 208.91.199.223 | QUIT
Jun 11, 2021 15:05:20.953493118 CEST | 587 | 49740 | 208.91.199.223 | 192.168.2.3 | 221 2.0.0 Bye
Jun 11, 2021 15:05:21.310415030 CEST | 587 | 49741 | 208.91.199.223 | 192.168.2.3 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Jun 11, 2021 15:05:21.314012051 CEST | 49741 | 587 | 192.168.2.3 | 208.91.199.223 | EHLO 878164
Jun 11, 2021 15:05:21.490082026 CEST | 587 | 49741 | 208.91.199.223 | 192.168.2.3 | 250-us2.outbound.mailhostbox.com
    250-PIPELINING
    250-SIZE 41648128
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
Jun 11, 2021 15:05:21.491157055 CEST | 49741 | 587 | 192.168.2.3 | 208.91.199.223 | AUTH login c3RhZmZzQGdsb2JhbG9mZnMtc2l0ZS5jb20=
Jun 11, 2021 15:05:21.667876959 CEST | 587 | 49741 | 208.91.199.223 | 192.168.2.3 | 334 UGFzc3dvcmQ6
Jun 11, 2021 15:05:21.847563982 CEST | 587 | 49741 | 208.91.199.223 | 192.168.2.3 | 235 2.7.0 Authentication successful
Jun 11, 2021 15:05:21.848362923 CEST | 49741 | 587 | 192.168.2.3 | 208.91.199.223 | MAIL FROM:<staffs@globaloffs-site.com>
Jun 11, 2021 15:05:22.027477026 CEST | 587 | 49741 | 208.91.199.223 | 192.168.2.3 | 250 2.1.0 Ok
Jun 11, 2021 15:05:22.030374050 CEST | 49741 | 587 | 192.168.2.3 | 208.91.199.223 | RCPT TO:<staffs@globaloffs-site.com>
Jun 11, 2021 15:05:22.221380949 CEST | 587 | 49741 | 208.91.199.223 | 192.168.2.3 | 250 2.1.5 Ok
Jun 11, 2021 15:05:22.222388029 CEST | 49741 | 587 | 192.168.2.3 | 208.91.199.223 | DATA
Jun 11, 2021 15:05:22.398606062 CEST | 587 | 49741 | 208.91.199.223 | 192.168.2.3 | 354 End data with <CR><LF>.<CR><LF>
Jun 11, 2021 15:05:22.400413990 CEST | 49741 | 587 | 192.168.2.3 | 208.91.199.223 | .
Jun 11, 2021 15:05:22.676768064 CEST | 587 | 49741 | 208.91.199.223 | 192.168.2.3 | 250 2.0.0 Ok: queued as 21A4A185763

                                                                                          Code Manipulations

Statistics

(Charts for CPU Usage, Memory Usage, High Level Behavior Distribution and Behavior are not reproduced here.)

                                                                                          System Behavior

                                                                                          General

Start time: 15:03:17
Start date: 11/06/2021
Path: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe'
Imagebase: 0x960000
File size: 1549824 bytes
MD5 hash: 151EC82864CC859F03BE0CB572F30357
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.256781458.0000000003DE1000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.256781458.0000000003DE1000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.256294425.0000000002E30000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                                          General

Start time: 15:03:32
Start date: 11/06/2021
Path: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\NEW URGENT ENQUIRY.exe
Imagebase: 0x700000
File size: 1549824 bytes
MD5 hash: 151EC82864CC859F03BE0CB572F30357
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000002.480352639.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.485743997.0000000002C11000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.248827227.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.248827227.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                                          Disassembly

                                                                                          Code Analysis

                                                                                            Executed Functions

                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32 ref: 02D36BF0
                                                                                            • GetCurrentThread.KERNEL32 ref: 02D36C2D
                                                                                            • GetCurrentProcess.KERNEL32 ref: 02D36C6A
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02D36CC3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Current$ProcessThread
                                                                                            • String ID:
                                                                                            • API String ID: 2063062207-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32 ref: 02D36BF0
                                                                                            • GetCurrentThread.KERNEL32 ref: 02D36C2D
                                                                                            • GetCurrentProcess.KERNEL32 ref: 02D36C6A
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02D36CC3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Current$ProcessThread
                                                                                            • String ID:
                                                                                            • API String ID: 2063062207-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 02D3BE0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02D3DD8A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateWindow
                                                                                            • String ID:
                                                                                            • API String ID: 716092398-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02D3DD8A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateWindow
                                                                                            • String ID:
                                                                                            • API String ID: 716092398-0
                                                                                            • Opcode ID: 52325f504175244e3edcd37106df1af978a5b07a3641f74bb5f71436f984a891
                                                                                            • Instruction ID: 5aa174ca02e2aeac2967109ba3122af1b3b9ec5c73246381c9c34e9746b4bd8f
                                                                                            • Opcode Fuzzy Hash: 52325f504175244e3edcd37106df1af978a5b07a3641f74bb5f71436f984a891
                                                                                            • Instruction Fuzzy Hash: 9E41AFB1D003099FDF15CF99D884ADEBBB6BF48314F24822AE819AB210D7749985CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D36E3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 8f0d43c43012019b1daf17cfb9cb235b4573f09b4187fef491cbe925759c13bf
                                                                                            • Instruction ID: 6794cc73a76ad5a45c110524712d0e363277ef5cdc02e459aee75f7c15039b24
                                                                                            • Opcode Fuzzy Hash: 8f0d43c43012019b1daf17cfb9cb235b4573f09b4187fef491cbe925759c13bf
                                                                                            • Instruction Fuzzy Hash: 1C414576900208AFCF01CFA9D844AEEBBF9EB49320F14806AE944A7310D775E954CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 05400D91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.259530633.0000000005400000.00000040.00000001.sdmp, Offset: 05400000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CallProcWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2714655100-0
                                                                                            • Opcode ID: cfe0757803e8954d48e28566432995f07f9bcd752d380ccd9b8cd4e80c693b74
                                                                                            • Instruction ID: cc3cd5c80b2651d0072c80edcd2deed30ab00f8c915482fe574276c1d37b512d
                                                                                            • Opcode Fuzzy Hash: cfe0757803e8954d48e28566432995f07f9bcd752d380ccd9b8cd4e80c693b74
                                                                                            • Instruction Fuzzy Hash: F2411DB8A00205CFCB14CF99C448BAABBF5FF89314F25C599D519A7361D774A842CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D36E3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 0e19b48e1c91655abe72bcd38d0db186a511ac9d3f5d4dbf49afcd14657c887b
                                                                                            • Instruction ID: 50c9c9946267f9d44f25f9e1efddcbc8504274881fb467ded4fac8958739fab7
                                                                                            • Opcode Fuzzy Hash: 0e19b48e1c91655abe72bcd38d0db186a511ac9d3f5d4dbf49afcd14657c887b
                                                                                            • Instruction Fuzzy Hash: 0E21E7B59002089FDB10CF99D985BDEBBF8EB48324F14841AE914B7310D774A944CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D36E3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: d90c4861ec7e6b7c11f7d12c760da04bcdc42d267c6b17ac58a340a3bf381f7e
                                                                                            • Instruction ID: 21314595adcc86cffaade5f8f39278234830eeb2228c68d6caee7a50f4d8d0de
                                                                                            • Opcode Fuzzy Hash: d90c4861ec7e6b7c11f7d12c760da04bcdc42d267c6b17ac58a340a3bf381f7e
                                                                                            • Instruction Fuzzy Hash: 9721C6B59002089FDF10CF99D984BEEBBF8EB48324F14841AE914B7310D774A944CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • RtlEncodePointer.NTDLL(00000000), ref: 0540766A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.259530633.0000000005400000.00000040.00000001.sdmp, Offset: 05400000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EncodePointer
                                                                                            • String ID:
                                                                                            • API String ID: 2118026453-0
                                                                                            • Opcode ID: 9c5f9ee6fa2f44541034e37c9a9bc9b588d03ab784c20d4308737a5b7ff45cde
                                                                                            • Instruction ID: 7cc8f9cc9afb898bd5ee7f7eb566cd30e498ccb29f3946baec60a05cce4cba02
                                                                                            • Opcode Fuzzy Hash: 9c5f9ee6fa2f44541034e37c9a9bc9b588d03ab784c20d4308737a5b7ff45cde
                                                                                            • Instruction Fuzzy Hash: 57218E709103058FDF50CF69D5497EEBBF4FB493A4F208829D806A7240C778A505CFA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02D3BE89,00000800,00000000,00000000), ref: 02D3C09A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: dd132a5ce432eeda98dfdf2d33644b6cd0eb32e068f66f1b6c27b366975fc23b
                                                                                            • Instruction ID: 02d70e33a6d9fbdbe54965ca6fc33af65bf9a2bcc314bdddbd3f820f596053a8
                                                                                            • Opcode Fuzzy Hash: dd132a5ce432eeda98dfdf2d33644b6cd0eb32e068f66f1b6c27b366975fc23b
                                                                                            • Instruction Fuzzy Hash: 5F1103B29042488FCB10CF9AD844BAEBBF4AB88364F10852AD919B7700C775A945CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02D3BE89,00000800,00000000,00000000), ref: 02D3C09A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: 7bba40995430e2d2c3dae3023a676b9ceaacd37ed6eb69fe43b502a4e1e31f42
                                                                                            • Instruction ID: 17c12dfe6688d757836d1b200e94de50aaed3557a4a1511243c2087c9c29328e
                                                                                            • Opcode Fuzzy Hash: 7bba40995430e2d2c3dae3023a676b9ceaacd37ed6eb69fe43b502a4e1e31f42
                                                                                            • Instruction Fuzzy Hash: 0B1106B2D002498FCB10CF9AD984BDEFBF4EB89314F10851AD515B7600C775A945CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • RtlEncodePointer.NTDLL(00000000), ref: 0540766A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.259530633.0000000005400000.00000040.00000001.sdmp, Offset: 05400000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EncodePointer
                                                                                            • String ID:
                                                                                            • API String ID: 2118026453-0
                                                                                            • Opcode ID: 778d32b0f80873cbeb0f81482f6a3243599222119d4dc5194afcdc348fc1944e
                                                                                            • Instruction ID: 0be7aa292309b7ad6e010435ad836edc84eb308727f1cd684fc26769282de240
                                                                                            • Opcode Fuzzy Hash: 778d32b0f80873cbeb0f81482f6a3243599222119d4dc5194afcdc348fc1944e
                                                                                            • Instruction Fuzzy Hash: 0F114D709103458FDF50CF69D5487EEBBF4FB493A4F208829D806A7640C779A944CFA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • RtlEncodePointer.NTDLL(00000000), ref: 05407915
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.259530633.0000000005400000.00000040.00000001.sdmp, Offset: 05400000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EncodePointer
                                                                                            • String ID:
                                                                                            • API String ID: 2118026453-0
                                                                                            • Opcode ID: 59482d77f6e7d47246d79ce5b48cac4a319db4c2dcd3a7de669b37d7055fad53
                                                                                            • Instruction ID: adcef85b9052778dfcfa2674f63322577d064806d769ae8a1b10472ca6e47fff
                                                                                            • Opcode Fuzzy Hash: 59482d77f6e7d47246d79ce5b48cac4a319db4c2dcd3a7de669b37d7055fad53
                                                                                            • Instruction Fuzzy Hash: E2118EB19103058FDB50DFA9D5497EABFF8FB09314F20482AD409A7380CB78A505CFA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 02D3BE0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            • Opcode ID: aa474204931f2942fa22e6bf4572adc70e6233bc1de4a6b2cf4b75dee2169c5c
                                                                                            • Instruction ID: 072fc86934baa9ba2c1f025d964a6060245c0438b5c3bde23854ce50553daf90
                                                                                            • Opcode Fuzzy Hash: aa474204931f2942fa22e6bf4572adc70e6233bc1de4a6b2cf4b75dee2169c5c
                                                                                            • Instruction Fuzzy Hash: 0B11DFB6D006498FCB10CF9AD844BDEFBF4EB88228F14851AD919B7700D778A945CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • SetWindowLongW.USER32(?,?,?), ref: 02D3DF1D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1378638983-0
                                                                                            • Opcode ID: 963bc96b4c00b1e9b537738feba5643d1331e05804d86003cc39eddc7cca4ed3
                                                                                            • Instruction ID: ddd5263d554ae645f64d972cfe50376146a08ce0e67f5cc411ac9a1dc308e1de
                                                                                            • Opcode Fuzzy Hash: 963bc96b4c00b1e9b537738feba5643d1331e05804d86003cc39eddc7cca4ed3
                                                                                            • Instruction Fuzzy Hash: 3A1115B59002488FDB10CF99D585BDEBBF8EB48324F10851AD919A7740C374A944CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • SetWindowLongW.USER32(?,?,?), ref: 02D3DF1D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1378638983-0
                                                                                            • Opcode ID: 7d031e24ddf11550a5612ba83b9f5c2e2ff94e53f8ae4587a0499e8850d8444a
                                                                                            • Instruction ID: 8992e69cec580cf716bfbbbc8da5b8beadd0039b61bbd45e872afbbff0827416
                                                                                            • Opcode Fuzzy Hash: 7d031e24ddf11550a5612ba83b9f5c2e2ff94e53f8ae4587a0499e8850d8444a
                                                                                            • Instruction Fuzzy Hash: E51112B5900248CFDB10CF99D585BEEBBF8EB48324F24851AD819A7740C378A944CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2426f18b72223d193d2ac78c31827b702bc75b15acda786aac1d6e0b81fc7f81
                                                                                            • Instruction ID: 011b98d8d8e7aaea5723da5c23280ae0148735c3a2263f709b24b66e67e3c2ea
                                                                                            • Opcode Fuzzy Hash: 2426f18b72223d193d2ac78c31827b702bc75b15acda786aac1d6e0b81fc7f81
                                                                                            • Instruction Fuzzy Hash: E95248B1E957068BD710CF14F888A997BB1FB44328FD04A09D1626FB91D3B86D6ACF44
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.255889375.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 82e4ba1a9849f45e1ca7a83d9a7ce2ceb924fdf0cd73b563e7428f2ae8a12236
                                                                                            • Instruction ID: 355cb3acd976a792edc3014c87350d6903dff164090bda00e5a8445ce57722aa
                                                                                            • Opcode Fuzzy Hash: 82e4ba1a9849f45e1ca7a83d9a7ce2ceb924fdf0cd73b563e7428f2ae8a12236
                                                                                            • Instruction Fuzzy Hash: 59A15D32E006198FCF06DFA5C8445DEBBB2FF85304B15856AE906AB361EB71AD16CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Executed Functions

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.482055925.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 129811785b3f104693ea33b4420396453b379e01da298fc03b65f0271bc8d225
                                                                                            • Instruction ID: a8d61d99d41cc0a3c2a2c1bdbd93e0522b376acc47a9c938043f35e1fc6ad064
                                                                                            • Opcode Fuzzy Hash: 129811785b3f104693ea33b4420396453b379e01da298fc03b65f0271bc8d225
                                                                                            • Instruction Fuzzy Hash: B3A21934E046198FDB24DB79C894B9DB7B5AF89300F20C5AED449EB751EB309E85CB81
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.482055925.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
Similarity
• API ID: EnableScroll
• String ID:
• API String ID: 2561945981-0
• Opcode ID: b0ebb721a9a21ae37e3af0cd5d1dbb249467563e396f212d20d76d03a7ef5e1f
• Instruction ID: 2a34a3bca7e64a74adb0af809c7071efcd09ea82a725a963d6be5defeb05b15f
• Opcode Fuzzy Hash: b0ebb721a9a21ae37e3af0cd5d1dbb249467563e396f212d20d76d03a7ef5e1f
• Instruction Fuzzy Hash: 2DD1AF30F042145FDB18EB758C59B6EBAE6AFC9704F29842DE106EB785DF349C068B91
Uniqueness Score: -1.00%

APIs
• SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 05F3265B
  (idHook 0x0D is WH_KEYBOARD_LL, a low-level keyboard hook; Windows only allows low-level hooks as global hooks, so this hook sees keystrokes of every thread on the desktop)
Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• API ID: HookWindows
• String ID:
• API String ID: 2559412058-0
• Opcode ID: ef99e2536ecf5551344616dadbfed06b0e0a46a8c50c959c66038f47b1c2e5a3
• Instruction ID: 25067655b4208b2043bbf6ce103a8cc7386b6ed7b39e4388445abe60b4f8bf85
• Opcode Fuzzy Hash: ef99e2536ecf5551344616dadbfed06b0e0a46a8c50c959c66038f47b1c2e5a3
• Instruction Fuzzy Hash: 4D213375D042089FCB50CF99D944BEEBBF5FF88324F10842AE419A7290DB78A944CFA0
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• API ID: InfoWindow
• String ID:
• API String ID: 1131730514-0
• Opcode ID: bf41605de09dc2fbc0f9406e78ca3142b946d11198ebaf58cbf32280d4c4ddd5
• Instruction ID: 45cae0774ed58314340f62fd9c532243d44db73433cda59d97381c6bcec6ea23
• Opcode Fuzzy Hash: bf41605de09dc2fbc0f9406e78ca3142b946d11198ebaf58cbf32280d4c4ddd5
• Instruction Fuzzy Hash: 4451B439B00204DFDB14EBB4E858AAE37FAAB89714F10442DE106E7395DF359C06CB61
Uniqueness Score: -1.00%

APIs
• DrawStateW.USER32(00000001), ref: 009C43E7
Memory Dump Source
• Source File: 00000002.00000002.482055925.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
Similarity
• API ID: DrawState
• String ID:
• API String ID: 345284738-0
• Opcode ID: 81a554dbf48809d7b87ab4625813ec64ab965a515d7704d98df3d77e5048ae93
• Instruction ID: 8ad2e60ab28d980ebcdac64e4ec4fb634c036f3fa8646d83738be13fa507473b
• Opcode Fuzzy Hash: 81a554dbf48809d7b87ab4625813ec64ab965a515d7704d98df3d77e5048ae93
• Instruction Fuzzy Hash: 5402BF30B002159FCB14EBB4C865BAE7BF6AF89315F248469E506DB395DB34DD02CB92
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 635e534d2b4bd0d9e36ea856f226a6de32f3d9035d1abb1d7579f7cb6ae87e1a
• Instruction ID: e7c5fd037a051b7ebc187799c5e856cd094a1092e4643c4b2b1c9954a582b7eb
• Opcode Fuzzy Hash: 635e534d2b4bd0d9e36ea856f226a6de32f3d9035d1abb1d7579f7cb6ae87e1a
• Instruction Fuzzy Hash: 8A414472E083458FCB10CFB9D8046EEBBF5AF8A314F15866EC409A7641DB789845CBD1
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.482055925.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
Similarity
• API ID: EnableScroll
• String ID:
• API String ID: 2561945981-0
• Opcode ID: 728f0e4b254ef63d79341b952c1970f590d97817e42813f2b768d26947cfb789
• Instruction ID: bf3c5ddc2cf8b2063b8b4118487a0de1b1711747800d1a29c2058a457b5b48e5
• Opcode Fuzzy Hash: 728f0e4b254ef63d79341b952c1970f590d97817e42813f2b768d26947cfb789
• Instruction Fuzzy Hash: 15210534F082455FCB41EBB9984579EBBF5AFC5304F55806AD448EB356FB389C068B81
Uniqueness Score: -1.00%

APIs
• SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 05F3265B
Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• API ID: HookWindows
• String ID:
• API String ID: 2559412058-0
• Opcode ID: 095c0b1e3a57e057abc4142708762ce2144a3286038310d7f8e5ed4b6aa6160f
• Instruction ID: 6c195302b5bb507265246713aa7f89374e653e537b9d21e1c461cae07da70622
• Opcode Fuzzy Hash: 095c0b1e3a57e057abc4142708762ce2144a3286038310d7f8e5ed4b6aa6160f
• Instruction Fuzzy Hash: BE213575D042098FCB10CF99D844BEEBBF5BF88314F14842AD419A7290CB78A944CFA0
Uniqueness Score: -1.00%

APIs
• DrawStateW.USER32(00000001), ref: 009C43E7
Memory Dump Source
• Source File: 00000002.00000002.482055925.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: false
Similarity
• API ID: DrawState
• String ID:
• API String ID: 345284738-0
• Opcode ID: c5d458bb11e0364d35b946dbd35c234cda64fedb66ba24045df0ecb16c69f4e1
• Instruction ID: ef97679e6e2e4b25afbd3b5918a168c0ec55c91d81ef091a6cd213d44049f3ec
• Opcode Fuzzy Hash: c5d458bb11e0364d35b946dbd35c234cda64fedb66ba24045df0ecb16c69f4e1
• Instruction Fuzzy Hash: 2611A031F01514CFCB14DA24D068F69B7E6AB84751F24852DE51ACB351DB30EC51CB92
Uniqueness Score: -1.00%

APIs
• LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,05F3D939,00000800), ref: 05F3D9CA
Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: ca03658c2ccf2c684466ca57fbca1491f31f3061525b325a470e730931b28576
• Instruction ID: 94652a5b1174296ef32e51efeb557274ae03592821e017d8bd97aaebc80045f6
• Opcode Fuzzy Hash: ca03658c2ccf2c684466ca57fbca1491f31f3061525b325a470e730931b28576
• Instruction Fuzzy Hash: C41159B6C002089FDB10CF9AD844ADEFBF4FB88360F11841AE419B7200C778A545CFA1
Uniqueness Score: -1.00%

APIs
• GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,05F315BA), ref: 05F316A7
  (fills a MEMORYSTATUSEX structure with physical and virtual memory totals; a small physical-memory total is a common sandbox/VM heuristic)
Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• API ID: GlobalMemoryStatus
• String ID:
• API String ID: 1890195054-0
• Opcode ID: 41cd0991f7bf878e02a8b0458f29d5a423c5f7507b5c34815e65ca539a430c95
• Instruction ID: 1538b76edda67fb38c6af35ab8ccfd985c2c6fbff2053893f0ef86316c5ebe1f
• Opcode Fuzzy Hash: 41cd0991f7bf878e02a8b0458f29d5a423c5f7507b5c34815e65ca539a430c95
• Instruction Fuzzy Hash: 151144B1C046199BCB10CF9AC844BEEFBF4BB48324F15812AD818B7240D778A944CFE5
Uniqueness Score: -1.00%

APIs
• LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,05F3D939,00000800), ref: 05F3D9CA
Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: 542d9fed6d302cc0486fa5df5213ea52e1173d1c9fe7a7ebc1682a1fa0f56704
• Instruction ID: 4bb958dbf4668347db617843b673abc72d762b21c56cb985794468f8f3e05e76
• Opcode Fuzzy Hash: 542d9fed6d302cc0486fa5df5213ea52e1173d1c9fe7a7ebc1682a1fa0f56704
• Instruction Fuzzy Hash: 461106B6D042098FDB10CF9AD445AEEBBF5AB88360F11841AE41AA7210D778A945CFA5
Uniqueness Score: -1.00%

APIs
• GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,05F315BA), ref: 05F316A7
Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• API ID: GlobalMemoryStatus
• String ID:
• API String ID: 1890195054-0
• Opcode ID: f29afa7bf564bc12aeeb932f3e22b9fcedd80f2d274b22239bad016b01573c2a
• Instruction ID: 7afaf6736f34375c8a018a7a676c446908e706106ebbcf1431972a17deefb8b5
• Opcode Fuzzy Hash: f29afa7bf564bc12aeeb932f3e22b9fcedd80f2d274b22239bad016b01573c2a
• Instruction Fuzzy Hash: 901133B1C046198BDB10CF9AD844BDEBBF4AF48224F15852AD818B7250D778A944CFE1
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.484082913.0000000000E4D000.00000040.00000001.sdmp, Offset: 00E4D000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7393956347c4d8e33fb1e6884ebaa26917d0dfc9063ae985e07a26a84a232212
• Instruction ID: 4e831916f301c7058408c5e6fd9cde96ec7ad80d34e3f0e664b7213d497dfaf9
• Opcode Fuzzy Hash: 7393956347c4d8e33fb1e6884ebaa26917d0dfc9063ae985e07a26a84a232212
• Instruction Fuzzy Hash: 2A21F271608240DFCB14CF54E9C4B66BB66FB88728F24C96DD8095B346C73AD847DA61
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.484082913.0000000000E4D000.00000040.00000001.sdmp, Offset: 00E4D000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8d5d87c90f014a7157736f0756494965f860b0ef12e3b89b46fa27829799c9ba
• Instruction ID: d9109e1759230b69d0d43dcb93533a44d4aad2216041f4587833028aaafa1ff6
• Opcode Fuzzy Hash: 8d5d87c90f014a7157736f0756494965f860b0ef12e3b89b46fa27829799c9ba
• Instruction Fuzzy Hash: C121507550D3C08FCB12CF24D994715BF71EB46314F29C5EAD8498B6A7C33A984ACB62
Uniqueness Score: -1.00%
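
The records above are raw sandbox output. As an added example (written for this page, not the sandbox vendor's tooling), the Python below parses records in exactly this layout, decodes the one argument that carries the security-relevant meaning (the 0000000D passed to SetWindowsHookExW is WH_KEYBOARD_LL, a low-level keyboard hook, which Windows only allows as a global hook), and collapses the report's repeated records for the same call site (ref 05F3265B and ref 05F316A7 each appear under two function entries that differ only in their Opcode and Instruction IDs) into one finding per call site. SAMPLE is a trimmed copy of three entries from this page; the WATCHLIST labels, the assumption that the report's first argument token is idHook, and the finding format are mine and not fields of the report.

```python
"""Parse and triage per-function records of a sandbox execution-graph report (added
example for this page, not the vendor's tooling; SAMPLE is trimmed from this page)."""
import re

SAMPLE = """\
APIs
• SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 05F3265B
Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• API ID: HookWindows
• Opcode ID: ef99e2536ecf5551344616dadbfed06b0e0a46a8c50c959c66038f47b1c2e5a3
Uniqueness Score: -1.00%

APIs
• GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,05F315BA), ref: 05F316A7
Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• Opcode ID: 41cd0991f7bf878e02a8b0458f29d5a423c5f7507b5c34815e65ca539a430c95
Uniqueness Score: -1.00%

APIs
• SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 05F3265B
Memory Dump Source
• Source File: 00000002.00000002.490745890.0000000005F30000.00000040.00000001.sdmp, Offset: 05F30000, based on PE: false
Similarity
• Opcode ID: 095c0b1e3a57e057abc4142708762ce2144a3286038310d7f8e5ed4b6aa6160f
Uniqueness Score: -1.00%
"""

HOOK_TYPES = {0x02: "WH_KEYBOARD", 0x0D: "WH_KEYBOARD_LL", 0x0E: "WH_MOUSE_LL"}  # winuser.h
WATCHLIST = {  # assumption: my own triage labels, not fields of the report
    "SetWindowsHookExW": "installs a Windows hook",
    "GlobalMemoryStatusEx": "reads memory totals (a common low-RAM sandbox check)",
}
SECTIONS = ("APIs", "Memory Dump Source", "Similarity", "Strings")
API_RE = re.compile(r"^•\s*(\w+)\.(\w+)\(([^)]*)\),\s*ref:\s*([0-9A-Fa-f]+)")
FIELD_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")


def parse_entries(text):
    """Split report text into entry dicts; a 'Uniqueness Score:' line closes each entry."""
    entries, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Uniqueness":
            continue
        if cur is None:  # based_on_pe False: dump is a raw memory region, not a mapped image
            cur = {"apis": [], "source_file": "", "offset": 0, "based_on_pe": False, "fields": {}}
        if line in SECTIONS:
            section = line
        elif line.startswith("Uniqueness Score:"):
            cur["uniqueness"] = line.split(":", 1)[1].strip()
            entries.append(cur)
            cur, section = None, None
        elif section == "APIs":
            if m := API_RE.match(line):  # "<api>.<module>(<args>), ref: <addr>"; "?" = not recovered
                cur["apis"].append({"name": m[1], "module": m[2], "ref": int(m[4], 16),
                                    "args": [t.strip() for t in m[3].split(",")]})
        elif m := FIELD_RE.match(line):
            key, val = m[1].strip(), m[2].strip()
            if key == "Source File":  # "<dump>.sdmp, Offset: 05F30000, based on PE: false"
                parts = [p.strip() for p in val.split(",")]
                cur["source_file"] = parts[0]
                for k, _, v in (p.partition(":") for p in parts[1:]):
                    if k.strip() == "Offset":
                        cur["offset"] = int(v, 16)
                    elif k.strip() == "based on PE":
                        cur["based_on_pe"] = v.strip().lower() == "true"
            else:
                cur["fields"][key] = val
    return entries


def describe_hook(call):
    """Decode idHook, SetWindowsHookExW's first parameter (assumed to be the first report token)."""
    if call["args"][0] == "?":
        return "idHook unknown"
    id_hook = int(call["args"][0], 16)
    kind = HOOK_TYPES.get(id_hook, f"idHook {id_hook:#x}")
    # WH_KEYBOARD_LL / WH_MOUSE_LL cannot be thread-scoped: SetWindowsHookEx fails with
    # ERROR_GLOBAL_ONLY_HOOK unless dwThreadId is 0, so a low-level hook is always global.
    return f"{kind} (low-level hooks are global-only)" if id_hook in (0x0D, 0x0E) else kind


def triage(entries):
    """One finding per distinct call site (the report repeats a ref under several entries)."""
    seen, findings = set(), []
    for e in entries:
        for c in e["apis"]:
            key = (c["name"], c["ref"])
            if c["name"] not in WATCHLIST or key in seen:
                continue
            seen.add(key)
            note = WATCHLIST[c["name"]]
            if c["name"] == "SetWindowsHookExW":
                note += ": " + describe_hook(c)
            findings.append({"api": c["name"], "ref": f"{c['ref']:08X}", "region": f"{e['offset']:08X}",
                             "image_backed": e["based_on_pe"], "note": note})
    return findings
```

Calling triage(parse_entries(SAMPLE)) yields two findings from the three records: the keyboard hook at 05F3265B and the memory query at 05F316A7, both in the dump at offset 05F30000, whose "based on PE: false" marks it as a raw region rather than a mapped image, consistent with code that was unpacked at run time. The API regex is not anchored at the end of the line, so a record line that carries a trailing annotation still parses.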

Non-executed Functions

Memory Dump Source
• Source File: 00000002.00000003.477807534.000000000106C000.00000004.00000001.sdmp, Offset: 0106C000, based on PE: false
• Associated: 00000002.00000003.478124644.000000000106C000.00000004.00000001.sdmp
Similarity
• API ID:
• String ID: 4.0.$l$l$neut$s
• API String ID: 0-2875894702
• Opcode ID: 6d2e10323c71c216f790e6fc047db61f8478e1283a57cf1fa95203b49a03b0a0
• Instruction ID: 97050df0619d46563c35872c87b7f5cc63b00cc0ade809afc5ca7635138b6312
• Opcode Fuzzy Hash: 6d2e10323c71c216f790e6fc047db61f8478e1283a57cf1fa95203b49a03b0a0
• Instruction Fuzzy Hash: E141022081F6C44ECB568B799AAA28E7F61EB03520B2E86CFC5C19F5E3C5015817C39B
Uniqueness Score: -1.00%