Windows Analysis Report
BANK DETAILS-26012022-971332pdf.exe

Overview

General Information

Sample Name: BANK DETAILS-26012022-971332pdf.exe
Analysis ID: 562235
MD5: 910c0f757136dae70dce2cc03696ba22
SHA1: a85fac6a00637418b448c2bd4385ac5cdc5ffb88
SHA256: 8810e0ffd6b2dd2fc3d00b994bd8c9fcb2c086b9e38843d0ee5507a793ecfdf9
Tags: agenttesla, exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains method to dynamically call methods (often used by packers)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Yara detected Credential Stealer
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

AV Detection

Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.10.unpack Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "webmaster@topfrozenfoodbrand.com", "Password": "Chukwudim28@", "Host": "mail.topfrozenfoodbrand.com"}
Source: BANK DETAILS-26012022-971332pdf.exe Virustotal: Detection: 33%
Source: BANK DETAILS-26012022-971332pdf.exe ReversingLabs: Detection: 16%
Source: BANK DETAILS-26012022-971332pdf.exe Joe Sandbox ML: detected
Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.10.unpack Avira: Label: TR/Spy.Gen8
Source: 6.2.BANK DETAILS-26012022-971332pdf.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8
Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.6.unpack Avira: Label: TR/Spy.Gen8
Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.8.unpack Avira: Label: TR/Spy.Gen8
Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.12.unpack Avira: Label: TR/Spy.Gen8
Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.4.unpack Avira: Label: TR/Spy.Gen8

Compliance

Source: BANK DETAILS-26012022-971332pdf.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
Source: BANK DETAILS-26012022-971332pdf.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: TokenizerStre.pdb source: BANK DETAILS-26012022-971332pdf.exe

Software Vulnerabilities

Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 4x nop then jmp 073B9EDCh 0_2_073B9678
Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://DynDns.comDynDNS
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://blog.iandreev.com
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://blog.iandreev.com/
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345750517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345920821.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.346004627.000000000570A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://en.w
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345178331.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344713750.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345580315.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344880171.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345750517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345042380.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345303828.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345920821.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345443877.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com(
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344658698.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345178331.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344713750.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345580315.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344880171.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.346147418.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345750517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.346312719.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345042380.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345303828.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345920821.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345443877.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.comH
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344658698.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344713750.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344422326.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344880171.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345042380.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.comh
Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pqhOZd.com
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356270682.0000000005703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlA
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356421948.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.357530502.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356613397.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356354633.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.357158070.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356964632.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.357392728.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356270682.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356823949.0000000005703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlo
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.com
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.com.
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.com.le
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comTC
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comaJ
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comdd
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.come
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.come-dq
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354103784.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353877517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354279762.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353956995.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comfac
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comfly1
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comgHV
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comic
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comm
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comn
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.como.
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.como.h
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comslntc
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360919131.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.361810622.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.363198410.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.361661933.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365212301.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers&
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360669337.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365246310.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.364897937.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365059167.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365156266.000000000571E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365246310.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.364897937.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365059167.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365156266.000000000571E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlP
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.362933474.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.362901092.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.363054742.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.htmlues
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365737946.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365357991.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360794711.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365212301.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersHCp
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.363054742.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersN
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.361661933.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designerst
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394719735.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comiona
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354410616.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351438590.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354103784.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351346025.0000000005704000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353877517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354542599.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK 
DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354279762.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354724290.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351346025.0000000005704000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351222332.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn.
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349373927.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349516056.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/tr
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnH
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350306019.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnalg~
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350212467.0000000005704000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350019879.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnht
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnsk
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373735231.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373103167.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374434646.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374211840.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373529728.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374316037.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373391423.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373940250.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373270413.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374750886.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.376205247.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374879772.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375787400.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373735231.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375922159.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375662436.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373103167.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374434646.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374595213.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374996742.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374211840.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373529728.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375510695.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375139284.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375258553.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374316037.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373391423.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373940250.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.376039705.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375377550.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htme
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.krrmalu
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.342092297.00000000056E2000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356354633.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349086141.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349086141.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kra-e
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349086141.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kra-eQ
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kro.kr-eQ
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.krtp
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353956995.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353877517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.comrll6
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360426299.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367021864.0000000005707000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360669337.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365874962.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360542611.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360279739.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360098131.00000000056FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.de
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367265581.0000000005708000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367021864.0000000005707000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365874962.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367118907.0000000005708000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.de-
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367265581.0000000005708000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367021864.0000000005707000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365874962.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367118907.0000000005708000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deiva
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn-u
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cngHV
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cno.
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

System Summary

Source: BANK DETAILS-26012022-971332pdf.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D87390 0_2_00D87390
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D8738B 0_2_00D8738B
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D875D1 0_2_00D875D1
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D875E0 0_2_00D875E0
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_073B9210 0_2_073B9210
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_073B362D 0_2_073B362D
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_073B9201 0_2_073B9201
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_073B0014 0_2_073B0014
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_073B0006 0_2_073B0006
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_073B0040 0_2_073B0040
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_01242020 6_2_01242020
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_01242618 6_2_01242618
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_0124FA40 6_2_0124FA40
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_02CA46E0 6_2_02CA46E0
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_02CA46D2 6_2_02CA46D2
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_02CA4650 6_2_02CA4650
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_02CA4610 6_2_02CA4610
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_06117538 6_2_06117538
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_061190F8 6_2_061190F8
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_06116920 6_2_06116920
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_06116C68 6_2_06116C68
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395027648.0000000002769000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSafeSerializationManager.dll: vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.393831011.0000000000438000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394968176.000000000273A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394968176.000000000273A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: l,\\StringFileInfo\\000004B0\\OriginalFilename vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.399229580.0000000007210000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameUI.dllF vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSafeSerializationManager.dll: vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameEUdZpNpokUALqNIfXATJDkVIxfYYlYlbEFdtk.exe4 vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394938777.000000000270E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394938777.000000000270E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394938777.000000000270E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: l,\\StringFileInfo\\000004B0\\OriginalFilename vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameEUdZpNpokUALqNIfXATJDkVIxfYYlYlbEFdtk.exe4 vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUI.dllF vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000005.00000000.386946387.0000000000368000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000000.392036385.0000000000438000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenameEUdZpNpokUALqNIfXATJDkVIxfYYlYlbEFdtk.exe4 vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.608283971.0000000000F58000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000000.389928677.0000000000BC8000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe Binary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
Source: BANK DETAILS-26012022-971332pdf.exe Virustotal: Detection: 33%
Source: BANK DETAILS-26012022-971332pdf.exe ReversingLabs: Detection: 16%
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe File read: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe:Zone.Identifier
Source: BANK DETAILS-26012022-971332pdf.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe "C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe"
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BANK DETAILS-26012022-971332pdf.exe.log
Source: classification engine Classification label: mal100.troj.evad.winEXE@5/1@0/0
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: BANK DETAILS-26012022-971332pdf.exe, Az/nE.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.0.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.cs Cryptographic APIs: 'CreateDecryptor'
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.1.unpack, Az/nE.cs Cryptographic APIs: 'CreateDecryptor'
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.2.unpack, Az/nE.cs Cryptographic APIs: 'CreateDecryptor'
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, Az/nE.cs Cryptographic APIs: 'CreateDecryptor'
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: BANK DETAILS-26012022-971332pdf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: BANK DETAILS-26012022-971332pdf.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: BANK DETAILS-26012022-971332pdf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: TokenizerStre.pdb source: BANK DETAILS-26012022-971332pdf.exe

Data Obfuscation

Source: BANK DETAILS-26012022-971332pdf.exe, cl/c2.cs .Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.2.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, cl/c2.cs .Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.0.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, cl/c2.cs .Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.1.unpack, cl/c2.cs .Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.2.unpack, cl/c2.cs .Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, cl/c2.cs .Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.3.unpack, cl/c2.cs .Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 5.2.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, cl/c2.cs .Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.af0000.2.unpack, cl/c2.cs .Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: BANK DETAILS-26012022-971332pdf.exe, Az/nE.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 0.2.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 0.0.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.1.unpack, Az/nE.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.2.unpack, Az/nE.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, Az/nE.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.3.unpack, Az/nE.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 5.2.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, Az/nE.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.af0000.2.unpack, Az/nE.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D840C0 push ecx; ret 0_2_00D840CA
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D841B9 push edx; ret 0_2_00D841BA
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D841BB push edx; ret 0_2_00D841BE
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D841BF push edx; ret 0_2_00D841C2
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D842B0 push esi; ret 0_2_00D842B2
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D8427B push ebp; ret 0_2_00D84282
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_00D8436B push edi; ret 0_2_00D8436E
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 0_2_073B57AB push E9FFFFFEh; retf 0_2_073B57B0
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_0124F940 push es; ret 6_2_0124F950
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_01247A37 push edi; retn 0000h 6_2_01247A39
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_02CAD656 push FFFFFF8Bh; iretd 6_2_02CAD65B
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_0611FF35 push ebp; ret 6_2_0611FF3C
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.26fda34.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.277d9e4.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.395027648.0000000002769000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 7104, type: MEMORYSTR
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395027648.0000000002769000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395027648.0000000002769000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 7108 Thread sleep time: -36341s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 7140 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 6812 Thread sleep time: -11068046444225724s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 6836 Thread sleep count: 2660 > 30 Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 6836 Thread sleep count: 7174 > 30 Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Window / User API: threadDelayed 2660 Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Window / User API: threadDelayed 7174 Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Thread delayed: delay time: 36341 Jump to behavior
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Anti Debugging

Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Memory written: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Process created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Jump to behavior

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe VolumeInformation
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe Code function: 6_2_06112654 GetUserNameW, 6_2_06112654

Stealing of Sensitive Information

Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.BANK DETAILS-26012022-971332pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.3714cc8.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.3714cc8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000000.390835122.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000000.391395222.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.605562590.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000000.390418369.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.609225286.0000000002EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 7104, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 992, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.BANK DETAILS-26012022-971332pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.3714cc8.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.3714cc8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000000.390835122.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000000.391395222.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.605562590.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000000.390418369.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.609225286.0000000002EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 7104, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 992, type: MEMORYSTR
No contacted IP infos