Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
BANK DETAILS-26012022-971332pdf.exe

Overview

General Information

Sample Name:BANK DETAILS-26012022-971332pdf.exe
Analysis ID:562235
MD5:910c0f757136dae70dce2cc03696ba22
SHA1:a85fac6a00637418b448c2bd4385ac5cdc5ffb88
SHA256:8810e0ffd6b2dd2fc3d00b994bd8c9fcb2c086b9e38843d0ee5507a793ecfdf9
Tags:agentteslaexe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains method to dynamically call methods (often used by packers)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Yara detected Credential Stealer
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Username": "webmaster@topfrozenfoodbrand.com", "Password": "Chukwudim28@", "Host": "mail.topfrozenfoodbrand.com"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
      00000006.00000000.390835122.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000006.00000000.390835122.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
          00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 16 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                6.0.BANK DETAILS-26012022-971332pdf.exe.400000.6.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  6.0.BANK DETAILS-26012022-971332pdf.exe.400000.6.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                    6.0.BANK DETAILS-26012022-971332pdf.exe.400000.8.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 17 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.10.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "webmaster@topfrozenfoodbrand.com", "Password": "Chukwudim28@", "Host": "mail.topfrozenfoodbrand.com"}
                      Multi AV Scanner detection for submitted file
                      Source: BANK DETAILS-26012022-971332pdf.exeVirustotal: Detection: 33%Perma Link
                      Source: BANK DETAILS-26012022-971332pdf.exeReversingLabs: Detection: 16%
                      Machine Learning detection for sample
                      Source: BANK DETAILS-26012022-971332pdf.exeJoe Sandbox ML: detected
                      Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.10.unpackAvira: Label: TR/Spy.Gen8
                      Source: 6.2.BANK DETAILS-26012022-971332pdf.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                      Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.6.unpackAvira: Label: TR/Spy.Gen8
                      Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.8.unpackAvira: Label: TR/Spy.Gen8
                      Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.12.unpackAvira: Label: TR/Spy.Gen8
                      Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.4.unpackAvira: Label: TR/Spy.Gen8
                      Source: BANK DETAILS-26012022-971332pdf.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                      Source: BANK DETAILS-26012022-971332pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: TokenizerStre.pdb source: BANK DETAILS-26012022-971332pdf.exe
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 4x nop then jmp 073B9EDCh0_2_073B9678
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://DynDns.comDynDNS
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://blog.iandreev.com
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://blog.iandreev.com/
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345750517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345920821.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.346004627.000000000570A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://en.w
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345178331.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344713750.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345580315.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344880171.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345750517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345042380.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345303828.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345920821.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345443877.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com(
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344658698.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345178331.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344713750.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345580315.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344880171.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.346147418.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345750517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.346312719.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345042380.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345303828.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345920821.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345443877.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.comH
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344658698.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344713750.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344422326.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344880171.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345042380.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.comh
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pqhOZd.com
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356270682.0000000005703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlA
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356421948.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.357530502.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356613397.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356354633.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.357158070.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356964632.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.357392728.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356270682.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356823949.0000000005703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlo
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com.
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com.le
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comTC
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comaJ
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comdd
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.come
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.come-dq
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354103784.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353877517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354279762.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353956995.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comfac
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comfly1
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comgHV
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comic
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comm
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comn
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.como.
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.como.h
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comslntc
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360919131.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.361810622.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.363198410.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.361661933.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365212301.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers&
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360669337.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365246310.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.364897937.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365059167.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365156266.000000000571E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365246310.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.364897937.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365059167.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365156266.000000000571E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlP
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.362933474.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.362901092.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.363054742.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.htmlues
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365737946.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365357991.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360794711.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365212301.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersHCp
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.363054742.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersN
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.361661933.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designerst
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394719735.0000000000DA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comiona
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354410616.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351438590.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354103784.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351346025.0000000005704000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353877517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354542599.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354279762.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354724290.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351346025.0000000005704000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351222332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn.
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349373927.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349516056.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/tr
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnH
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350306019.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnalg~
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350212467.0000000005704000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350019879.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnht
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnsk
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373735231.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373103167.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374434646.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374211840.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373529728.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374316037.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373391423.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373940250.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373270413.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374750886.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.376205247.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374879772.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375787400.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373735231.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375922159.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375662436.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373103167.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374434646.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374595213.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374996742.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374211840.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373529728.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375510695.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375139284.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375258553.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374316037.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373391423.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373940250.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.376039705.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375377550.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htme
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.krrmalu
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.342092297.00000000056E2000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356354633.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349086141.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349086141.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kra-e
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349086141.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kra-eQ
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kro.kr-eQ
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.krtp
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353956995.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353877517.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comrll6
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360426299.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367021864.0000000005707000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360669337.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365874962.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360542611.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360279739.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360098131.00000000056FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.de
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367265581.0000000005708000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367021864.0000000005707000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365874962.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367118907.0000000005708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.de-
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367265581.0000000005708000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367021864.0000000005707000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365874962.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367118907.0000000005708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deiva
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn-u
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cngHV
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cno.
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                      Source: BANK DETAILS-26012022-971332pdf.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D873900_2_00D87390
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D8738B0_2_00D8738B
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D875D10_2_00D875D1
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D875E00_2_00D875E0
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_073B92100_2_073B9210
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_073B362D0_2_073B362D
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_073B92010_2_073B9201
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_073B00140_2_073B0014
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_073B00060_2_073B0006
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_073B00400_2_073B0040
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_012420206_2_01242020
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_012426186_2_01242618
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_0124FA406_2_0124FA40
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_02CA46E06_2_02CA46E0
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_02CA46D26_2_02CA46D2
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_02CA46506_2_02CA4650
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_02CA46106_2_02CA4610
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_061175386_2_06117538
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_061190F86_2_061190F8
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_061169206_2_06116920
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_06116C686_2_06116C68
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395027648.0000000002769000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSafeSerializationManager.dll: vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.393831011.0000000000438000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394968176.000000000273A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394968176.000000000273A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l,\\StringFileInfo\\000004B0\\OriginalFilename vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.399229580.0000000007210000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameUI.dllF vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSafeSerializationManager.dll: vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEUdZpNpokUALqNIfXATJDkVIxfYYlYlbEFdtk.exe4 vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394938777.000000000270E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394938777.000000000270E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394938777.000000000270E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: l,\\StringFileInfo\\000004B0\\OriginalFilename vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEUdZpNpokUALqNIfXATJDkVIxfYYlYlbEFdtk.exe4 vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUI.dllF vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000005.00000000.386946387.0000000000368000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000000.392036385.0000000000438000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEUdZpNpokUALqNIfXATJDkVIxfYYlYlbEFdtk.exe4 vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.608283971.0000000000F58000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000006.00000000.389928677.0000000000BC8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exeBinary or memory string: OriginalFilenameTokenizerStre.exe4 vs BANK DETAILS-26012022-971332pdf.exe
                      Source: BANK DETAILS-26012022-971332pdf.exeVirustotal: Detection: 33%
                      Source: BANK DETAILS-26012022-971332pdf.exeReversingLabs: Detection: 16%
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeFile read: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe:Zone.IdentifierJump to behavior
                      Source: BANK DETAILS-26012022-971332pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe "C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe"
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BANK DETAILS-26012022-971332pdf.exe.logJump to behavior
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@5/1@0/0
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: BANK DETAILS-26012022-971332pdf.exe, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: BANK DETAILS-26012022-971332pdf.exe, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.0.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.0.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.1.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.1.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.2.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.2.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, Az/nE.csCryptographic APIs: 'CreateDecryptor'
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: BANK DETAILS-26012022-971332pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: BANK DETAILS-26012022-971332pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: BANK DETAILS-26012022-971332pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: TokenizerStre.pdb source: BANK DETAILS-26012022-971332pdf.exe

                      Data Obfuscation

                      barindex
                      .NET source code contains potential unpacker
                      Source: BANK DETAILS-26012022-971332pdf.exe, cl/c2.cs.Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 0.2.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, cl/c2.cs.Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 0.0.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, cl/c2.cs.Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.1.unpack, cl/c2.cs.Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.2.unpack, cl/c2.cs.Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, cl/c2.cs.Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.3.unpack, cl/c2.cs.Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 5.2.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, cl/c2.cs.Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.af0000.2.unpack, cl/c2.cs.Net Code: PI8 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                      .NET source code contains method to dynamically call methods (often used by packers)
                      Source: BANK DETAILS-26012022-971332pdf.exe, Az/nE.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                      Source: 0.2.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                      Source: 0.0.BANK DETAILS-26012022-971332pdf.exe.360000.0.unpack, Az/nE.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.1.unpack, Az/nE.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.2.unpack, Az/nE.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, Az/nE.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                      Source: 5.0.BANK DETAILS-26012022-971332pdf.exe.290000.3.unpack, Az/nE.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                      Source: 5.2.BANK DETAILS-26012022-971332pdf.exe.290000.0.unpack, Az/nE.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                      Source: 6.0.BANK DETAILS-26012022-971332pdf.exe.af0000.2.unpack, Az/nE.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D840C0 push ecx; ret 0_2_00D840CA
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D841B9 push edx; ret 0_2_00D841BA
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D841BB push edx; ret 0_2_00D841BE
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D841BF push edx; ret 0_2_00D841C2
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D842B0 push esi; ret 0_2_00D842B2
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D8427B push ebp; ret 0_2_00D84282
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_00D8436B push edi; ret 0_2_00D8436E
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 0_2_073B57AB push E9FFFFFEh; retf 0_2_073B57B0
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_0124F940 push es; ret 6_2_0124F950
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_01247A37 push edi; retn 0000h6_2_01247A39
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_02CAD656 push FFFFFF8Bh; iretd 6_2_02CAD65B
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_0611FF35 push ebp; ret 6_2_0611FF3C
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.26fda34.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.277d9e4.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.395027648.0000000002769000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 7104, type: MEMORYSTR
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395027648.0000000002769000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395027648.0000000002769000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 7108Thread sleep time: -36341s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 7140Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 6812Thread sleep time: -11068046444225724s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 6836Thread sleep count: 2660 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe TID: 6836Thread sleep count: 7174 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeWindow / User API: threadDelayed 2660Jump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeWindow / User API: threadDelayed 7174Jump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeThread delayed: delay time: 36341Jump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                      Source: BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeMemory written: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeProcess created: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exeCode function: 6_2_06112654 GetUserNameW,6_2_06112654

                      Stealing of Sensitive Information

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.BANK DETAILS-26012022-971332pdf.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.12.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.3714cc8.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.3714cc8.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000000.390835122.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000000.391395222.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.605562590.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000000.390418369.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.609225286.0000000002EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 7104, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 992, type: MEMORYSTR
                      Source: Yara matchFile source: 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 992, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.BANK DETAILS-26012022-971332pdf.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.12.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.BANK DETAILS-26012022-971332pdf.exe.400000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.3714cc8.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.3714cc8.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BANK DETAILS-26012022-971332pdf.exe.374a4e8.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000000.390835122.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000000.391395222.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.605562590.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000000.390418369.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.609225286.0000000002EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 7104, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: BANK DETAILS-26012022-971332pdf.exe PID: 992, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid Accounts211
                      Windows Management Instrumentation                      		Path Interception111
                      Process Injection                      		1
                      Masquerading                      		OS Credential Dumping211
                      Security Software Discovery                      		Remote Services11
                      Archive Collected Data                      		Exfiltration Over Other Network Medium1
                      Encrypted Channel                      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                      Disable or Modify Tools                      		LSASS Memory1
                      Process Discovery                      		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)131
                      Virtualization/Sandbox Evasion                      		Security Account Manager131
                      Virtualization/Sandbox Evasion                      		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
                      Process Injection                      		NTDS1
                      Application Window Discovery                      		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information                      		LSA Secrets1
                      Account Discovery                      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.common2
                      Obfuscated Files or Information                      		Cached Domain Credentials1
                      System Owner/User Discovery                      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup Items21
                      Software Packing                      		DCSync113
                      System Information Discovery                      		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      BANK DETAILS-26012022-971332pdf.exe33%VirustotalBrowse
                      BANK DETAILS-26012022-971332pdf.exe16%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                      BANK DETAILS-26012022-971332pdf.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      6.0.BANK DETAILS-26012022-971332pdf.exe.400000.10.unpack100%AviraTR/Spy.Gen8Download File
                      6.2.BANK DETAILS-26012022-971332pdf.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File
                      6.0.BANK DETAILS-26012022-971332pdf.exe.400000.6.unpack100%AviraTR/Spy.Gen8Download File
                      6.0.BANK DETAILS-26012022-971332pdf.exe.400000.8.unpack100%AviraTR/Spy.Gen8Download File
                      6.0.BANK DETAILS-26012022-971332pdf.exe.400000.12.unpack100%AviraTR/Spy.Gen8Download File
                      6.0.BANK DETAILS-26012022-971332pdf.exe.400000.4.unpack100%AviraTR/Spy.Gen8Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
                      http://blog.iandreev.com/0%VirustotalBrowse
                      http://blog.iandreev.com/0%Avira URL Cloudsafe
                      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                      http://www.carterandcone.comslntc0%Avira URL Cloudsafe
                      http://www.sandoll.co.kro.kr-eQ0%Avira URL Cloudsafe
                      http://www.tiro.com0%URL Reputationsafe
                      http://fontfabrik.comH0%URL Reputationsafe
                      http://www.carterandcone.come-dq0%Avira URL Cloudsafe
                      http://www.goodfont.co.kr0%URL Reputationsafe
                      http://www.sandoll.co.kra-e0%URL Reputationsafe
                      http://www.carterandcone.com0%URL Reputationsafe
                      http://www.founder.com.cn/cnH0%URL Reputationsafe
                      http://www.carterandcone.com.0%URL Reputationsafe
                      http://www.fontbureau.comiona0%URL Reputationsafe
                      http://www.founder.com.cn/cn/tr0%Avira URL Cloudsafe
                      http://www.ascendercorp.com/typedesigners.htmlA0%Avira URL Cloudsafe
                      http://www.sajatypeworks.com0%URL Reputationsafe
                      http://www.founder.com.cn/cnht0%URL Reputationsafe
                      http://www.typography.netD0%URL Reputationsafe
                      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                      http://fontfabrik.com0%URL Reputationsafe
                      http://www.carterandcone.comgHV0%Avira URL Cloudsafe
                      http://www.carterandcone.como.h0%Avira URL Cloudsafe
                      http://www.carterandcone.com.le0%Avira URL Cloudsafe
                      http://www.galapagosdesign.com/staff/dennis.htme0%Avira URL Cloudsafe
                      http://www.carterandcone.comaJ0%Avira URL Cloudsafe
                      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                      http://www.sandoll.co.kr0%URL Reputationsafe
                      http://www.urwpp.de-0%Avira URL Cloudsafe
                      http://www.urwpp.deDPlease0%URL Reputationsafe
                      http://www.sandoll.co.krtp0%Avira URL Cloudsafe
                      http://www.urwpp.de0%URL Reputationsafe
                      http://www.zhongyicts.com.cn0%URL Reputationsafe
                      http://www.carterandcone.como.0%URL Reputationsafe
                      http://www.sakkal.com0%URL Reputationsafe
                      http://www.zhongyicts.com.cn-u0%Avira URL Cloudsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      http://www.tiro.comrll60%Avira URL Cloudsafe
                      http://www.carterandcone.comic0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://www.carterandcone.come0%URL Reputationsafe
                      http://www.sandoll.co.kra-eQ0%Avira URL Cloudsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      http://www.carterandcone.comTC0%URL Reputationsafe
                      http://www.carterandcone.comfac0%URL Reputationsafe
                      http://blog.iandreev.com0%Avira URL Cloudsafe
                      http://www.carterandcone.comdd0%URL Reputationsafe
                      http://en.w0%URL Reputationsafe
                      http://www.carterandcone.comn0%URL Reputationsafe
                      http://www.carterandcone.comm0%URL Reputationsafe
                      http://www.carterandcone.coml0%URL Reputationsafe
                      http://www.founder.com.cn/cn/0%URL Reputationsafe
                      http://www.founder.com.cn/cn.0%URL Reputationsafe
                      http://www.founder.com.cn/cnalg~0%Avira URL Cloudsafe
                      http://www.founder.com.cn/cn0%URL Reputationsafe
                      http://www.ascendercorp.com/typedesigners.htmlo0%Avira URL Cloudsafe
                      http://www.zhongyicts.com.cngHV0%Avira URL Cloudsafe
                      http://www.carterandcone.comfly10%Avira URL Cloudsafe
                      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                      http://www.zhongyicts.com.cno.0%URL Reputationsafe
                      http://www.founder.com.cn/cnsk0%Avira URL Cloudsafe
                      http://fontfabrik.com(0%Avira URL Cloudsafe
                      http://pqhOZd.com0%Avira URL Cloudsafe
                      http://www.goodfont.co.krrmalu0%Avira URL Cloudsafe
                      http://www.urwpp.deiva0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://127.0.0.1:HTTP/1.1BANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://www.fontbureau.com/designersGBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365737946.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://blog.iandreev.com/BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.fontbureau.com/designers/?BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.founder.com.cn/cn/bTheBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers?BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.carterandcone.comslntcBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.sandoll.co.kro.kr-eQBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.tiro.comBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353956995.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designersBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360919131.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.361810622.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.363198410.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.361661933.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://fontfabrik.comHBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344658698.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345178331.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344713750.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345580315.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344880171.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.346147418.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345750517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.346312719.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345042380.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345303828.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345920821.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345443877.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.come-dqBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.goodfont.co.krBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.sandoll.co.kra-eBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349086141.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designersHCpBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365357991.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360794711.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365212301.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.fontbureau.com/designersNBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.363054742.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cnHBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.carterandcone.com.BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.comionaBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394719735.0000000000DA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cn/trBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.ascendercorp.com/typedesigners.htmlABANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356270682.0000000005703000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.sajatypeworks.comBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.342092297.00000000056E2000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cnhtBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350212467.0000000005704000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350019879.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.typography.netDBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cn/cTheBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/staff/dennis.htmBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373735231.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373103167.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374434646.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374211840.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373529728.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374316037.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373391423.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373940250.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373270413.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://fontfabrik.comBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.carterandcone.comgHVBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.carterandcone.como.hBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.carterandcone.com.leBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.galapagosdesign.com/staff/dennis.htmeBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374750886.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.376205247.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374879772.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375787400.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373735231.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375922159.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375662436.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373103167.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374434646.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374595213.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374996742.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374211840.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373529728.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375510695.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375139284.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375258553.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.374316037.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373391423.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.373940250.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.376039705.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.375377550.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.carterandcone.comaJBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.galapagosdesign.com/DPleaseBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fonts.comBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.sandoll.co.krBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349086141.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.urwpp.de-BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367265581.0000000005708000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367021864.0000000005707000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365874962.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367118907.0000000005708000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    http://fontfabrik.comhBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344658698.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344713750.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344422326.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344880171.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345042380.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://www.urwpp.deDPleaseBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.sandoll.co.krtpBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.urwpp.deBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360426299.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367021864.0000000005707000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360669337.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365874962.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360542611.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360279739.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360098131.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.zhongyicts.com.cnBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.carterandcone.como.BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.sakkal.comBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356354633.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.zhongyicts.com.cn-uBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.tiro.comrll6BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353877517.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.fontbureau.com/designerstBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.361661933.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.carterandcone.comicBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.apache.org/licenses/LICENSE-2.0BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.fontbureau.comBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://DynDns.comDynDNSBANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.comeBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.sandoll.co.kra-eQBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349086141.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haBANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.comTCBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.comfacBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354103784.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353877517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354279762.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353956995.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.com/designers/frere-jones.htmluesBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.362901092.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.363054742.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://blog.iandreev.comBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.carterandcone.comddBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://en.wBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345750517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345920821.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.346004627.000000000570A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.carterandcone.comnBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353431827.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353568562.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.carterandcone.commBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353234598.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.carterandcone.comlBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.founder.com.cn/cn/BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349373927.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349516056.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.fontbureau.com/designers/cabarga.htmlNBANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.founder.com.cn/cn.BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351346025.0000000005704000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351222332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.founder.com.cn/cnalg~BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350306019.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.fontbureau.com/designers&BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365212301.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.founder.com.cn/cnBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354410616.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351438590.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354103784.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351346025.0000000005704000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353877517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352922515.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353060474.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354542599.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354279762.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.354724290.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.fontbureau.com/designers/frere-jones.htmlBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.362933474.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.fontbureau.com/designers/cabarga.htmlPBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365246310.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.364897937.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365059167.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365156266.000000000571E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.ascendercorp.com/typedesigners.htmloBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356421948.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.357530502.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356613397.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356354633.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.357158070.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356964632.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.357392728.0000000005702000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356270682.0000000005703000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.356823949.0000000005703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.fontbureau.com/designers/cabarga.htmlBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365246310.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.364897937.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365059167.000000000571E000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365156266.000000000571E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.zhongyicts.com.cngHVBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351910338.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352544077.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351771477.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352206635.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352739326.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352064269.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.352382107.0000000005700000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.carterandcone.comfly1BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.353745332.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.jiyu-kobo.co.jp/BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.zhongyicts.com.cno.BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351621244.0000000005700000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.fontbureau.com/designers8BANK DETAILS-26012022-971332pdf.exe, 00000000.00000002.398402477.0000000006972000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.founder.com.cn/cnskBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350795224.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350494339.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350942058.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.351004433.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.350640118.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://fontfabrik.com(BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345178331.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344771471.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344713750.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345580315.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.344880171.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345750517.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345042380.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345303828.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345920821.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.345443877.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://pqhOZd.comBANK DETAILS-26012022-971332pdf.exe, 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.fontbureau.com/designers/BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.360669337.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.goodfont.co.krrmaluBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.349218787.00000000056FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.urwpp.deivaBANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367265581.0000000005708000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367021864.0000000005707000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.365874962.00000000056FB000.00000004.00000800.00020000.00000000.sdmp, BANK DETAILS-26012022-971332pdf.exe, 00000000.00000003.367118907.0000000005708000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown

                                                            World Map of Contacted IPs

                                                            No contacted IP infos

                                                            General Information

                                                            Joe Sandbox Version:34.0.0 Boulder Opal
                                                            Analysis ID:562235
                                                            Start date:28.01.2022
                                                            Start time:16:58:26
                                                            Joe Sandbox Product:CloudBasic
                                                            Overall analysis duration:0h 8m 15s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Sample file name:BANK DETAILS-26012022-971332pdf.exe
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                            Number of analysed new started processes analysed:21
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • HDC enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Detection:MAL
                                                            Classification:mal100.troj.evad.winEXE@5/1@0/0
                                                            EGA Information:
                                                            • Successful, ratio: 66.7%
                                                            HDC Information:
                                                            • Successful, ratio: 1.3% (good quality ratio 1%)
                                                            • Quality average: 55.7%
                                                            • Quality standard deviation: 40.2%
                                                            HCA Information:
                                                            • Successful, ratio: 96%
                                                            • Number of executed functions: 67
                                                            • Number of non-executed functions: 9
                                                            Cookbook Comments:
                                                            • Adjust boot time
                                                            • Enable AMSI
                                                            • Found application associated with file extension: .exe

                                                            Warnings

                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                            • Excluded IPs from analysis (whitelisted): 131.253.33.200, 13.107.22.200
                                                            • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, www.bing.com, dual-a-0001.dc-msedge.net, client.wns.windows.com, fs.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                            • Execution Graph export aborted for target BANK DETAILS-26012022-971332pdf.exe, PID 6060 because there are no executed function
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.

                                                            Simulations

                                                            Behavior and APIs

                                                            TimeTypeDescription
                                                            16:59:40API Interceptor599x Sleep call for process: BANK DETAILS-26012022-971332pdf.exe modified

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            No context

                                                            Domains

                                                            No context

                                                            ASNs

                                                            No context

                                                            JA3 Fingerprints

                                                            No context

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BANK DETAILS-26012022-971332pdf.exe.log

                                                            Download File
                                                            Process:C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):1216
                                                            Entropy (8bit):5.355304211458859
                                                            Encrypted:false
                                                            SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                            MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                            SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                            SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                            SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                            Malicious:true
                                                            Reputation:high, very likely benign file
                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):6.584168197470466
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            File name:BANK DETAILS-26012022-971332pdf.exe
                                                            File size:864768
                                                            MD5:910c0f757136dae70dce2cc03696ba22
                                                            SHA1:a85fac6a00637418b448c2bd4385ac5cdc5ffb88
                                                            SHA256:8810e0ffd6b2dd2fc3d00b994bd8c9fcb2c086b9e38843d0ee5507a793ecfdf9
                                                            SHA512:81e14e549f7efb5780d15e073f1d3c5843a27f4f37934bb04fe84da929e1c42d2535f64b3b4853b3f43990013a6f004a186fe53948acdc5ddec4151958057f66
                                                            SSDEEP:12288:X6ZZWo9DBJkKb3KicegnHTHYvc4eix/k7FnJxMHsiCofYpG:XmYoVyteUHsvle+QMHsiffYpG
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..a.................$..........>B... ...`....@.. ....................................@................................

                                                            File Icon

                                                            Icon Hash:00828e8e8686b000

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0x4d423e
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                            Time Stamp:0x61F3C26C [Fri Jan 28 10:16:12 2022 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:v4.0.30319
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                            Entrypoint Preview

                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al

                                                            Data Directories

                                                            NameVirtual AddressVirtual Size Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xd41f00x4b.text
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xd80000x5b8.rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xda0000xc.reloc
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0xd419f0x1c.text
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                            Sections

                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                            .text0x20000xd22440xd2400False0.519041226962data6.58954319218IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                            .sdata0xd60000x1e80x200False0.861328125data6.63876811814IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                            .rsrc0xd80000x5b80x600False0.425130208333data4.10228712874IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            .reloc0xda0000xc0x200False0.044921875data0.0980041756627IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                            Resources

                                                            NameRVASizeTypeLanguageCountry
                                                            RT_VERSION0xd80a00x32cdata
                                                            RT_MANIFEST0xd83cc0x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                            Imports

                                                            DLLImport
                                                            mscoree.dll_CorExeMain

                                                            Version Infos

                                                            DescriptionData
                                                            Translation0x0000 0x04b0
                                                            LegalCopyrightCopyright 2016
                                                            Assembly Version1.0.0.0
                                                            InternalNameTokenizerStre.exe
                                                            FileVersion1.0.0.0
                                                            CompanyName
                                                            LegalTrademarks
                                                            Comments
                                                            ProductNameOthelloCS
                                                            ProductVersion1.0.0.0
                                                            FileDescriptionOthelloCS
                                                            OriginalFilenameTokenizerStre.exe

                                                            Network Behavior

                                                            No network behavior found

                                                            Statistics

                                                            CPU Usage

                                                            Click to jump to process

                                                            Memory Usage

                                                            Click to jump to process

                                                            High Level Behavior Distribution

                                                            Click to dive into process behavior distribution

                                                            Behavior

                                                            Click to jump to process

                                                            System Behavior

                                                            General

                                                            Target ID:0
                                                            Start time:16:59:18
                                                            Start date:28/01/2022
                                                            Path:C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe"
                                                            Imagebase:0x360000
                                                            File size:864768 bytes
                                                            MD5 hash:910C0F757136DAE70DCE2CC03696BA22
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:.Net C# or VB.NET
                                                            Yara matches:
                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.395027648.0000000002769000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.394844148.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.395377349.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low

                                                            General

                                                            Target ID:5
                                                            Start time:16:59:42
                                                            Start date:28/01/2022
                                                            Path:C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
                                                            Imagebase:0x290000
                                                            File size:864768 bytes
                                                            MD5 hash:910C0F757136DAE70DCE2CC03696BA22
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low

                                                            General

                                                            Target ID:6
                                                            Start time:16:59:43
                                                            Start date:28/01/2022
                                                            Path:C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\Desktop\BANK DETAILS-26012022-971332pdf.exe
                                                            Imagebase:0xaf0000
                                                            File size:864768 bytes
                                                            MD5 hash:910C0F757136DAE70DCE2CC03696BA22
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:.Net C# or VB.NET
                                                            Yara matches:
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000006.00000000.391994565.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000000.390835122.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000006.00000000.390835122.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.609088405.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000000.391395222.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000006.00000000.391395222.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.605562590.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000006.00000002.605562590.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.609225286.0000000002EC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000000.390418369.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000006.00000000.390418369.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low

                                                            Disassembly

                                                            Reset < >

                                                              Execution Graph

                                                              Execution Coverage:8.6%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:10.6%
                                                              Total number of Nodes:94
                                                              Total number of Limit Nodes:5
                                                              execution_graph 14585 d840d0 14587 d840ec 14585->14587 14586 d8418f 14587->14586 14589 d84283 14587->14589 14590 d8429d 14589->14590 14594 d84378 14590->14594 14598 d84373 14590->14598 14595 d8439f 14594->14595 14597 d8447c 14595->14597 14602 d83e5c 14595->14602 14599 d8439f 14598->14599 14600 d83e5c CreateActCtxA 14599->14600 14601 d8447c 14599->14601 14600->14601 14603 d85408 CreateActCtxA 14602->14603 14605 d854cb 14603->14605 14606 73b7d50 14607 73b7d9b ReadProcessMemory 14606->14607 14609 73b7ddf 14607->14609 14610 73b7ba0 14611 73b7be0 VirtualAllocEx 14610->14611 14613 73b7c1d 14611->14613 14614 73ba300 14615 73ba48b 14614->14615 14617 73ba326 14614->14617 14617->14615 14618 73b6b3c 14617->14618 14619 73ba580 PostMessageW 14618->14619 14620 73ba5ec 14619->14620 14620->14617 14621 73b82c0 14623 73b82e2 14621->14623 14622 73b86d2 14623->14622 14626 73b8dc9 14623->14626 14635 73b8dd8 14623->14635 14627 73b8df5 14626->14627 14644 73b955f 14627->14644 14651 73b9325 14627->14651 14656 73b9695 14627->14656 14661 73b9210 14627->14661 14666 73b9201 14627->14666 14671 73b9473 14627->14671 14628 73b8e35 14628->14623 14636 73b8df5 14635->14636 14638 73b955f 4 API calls 14636->14638 14639 73b9473 2 API calls 14636->14639 14640 73b9201 2 API calls 14636->14640 14641 73b9210 2 API calls 14636->14641 14642 73b9695 2 API calls 14636->14642 14643 73b9325 2 API calls 14636->14643 14637 73b8e35 14637->14623 14638->14637 14639->14637 14640->14637 14641->14637 14642->14637 14643->14637 14645 73b9a08 14644->14645 14647 73b956c 14644->14647 14645->14647 14684 73ba270 14645->14684 14646 73b96dc 14646->14628 14647->14646 14676 73b7c58 14647->14676 14680 73b7c60 14647->14680 14652 73b92e4 14651->14652 14652->14651 14697 73b7f38 14652->14697 14701 73b7f2c 14652->14701 14657 73b969f 14656->14657 14659 73b7c58 WriteProcessMemory 14657->14659 14660 73b7c60 WriteProcessMemory 14657->14660 14658 73b96dc 14658->14628 14658->14658 14659->14658 14660->14658 14662 73b9243 14661->14662 14664 73b7f38 CreateProcessA 14662->14664 14665 73b7f2c CreateProcessA 14662->14665 14663 73b9417 14663->14628 14664->14663 14665->14663 14667 73b9243 14666->14667 14669 73b7f38 CreateProcessA 14667->14669 14670 73b7f2c CreateProcessA 14667->14670 14668 73b9417 14668->14628 14669->14668 14670->14668 14672 73b947c 14671->14672 14705 73b7a18 14672->14705 14709 73b7a10 14672->14709 14673 73b94b7 14673->14628 14673->14673 14677 73b7ca8 WriteProcessMemory 14676->14677 14679 73b7cff 14677->14679 14679->14646 14681 73b7ca8 WriteProcessMemory 14680->14681 14683 73b7cff 14681->14683 14683->14646 14685 73ba28a 14684->14685 14689 73b7ac0 14685->14689 14693 73b7ac8 14685->14693 14686 73ba2bc 14686->14647 14690 73b7b0d SetThreadContext 14689->14690 14692 73b7b55 14690->14692 14692->14686 14694 73b7b0d SetThreadContext 14693->14694 14696 73b7b55 14694->14696 14696->14686 14698 73b7fc1 14697->14698 14698->14698 14699 73b8126 CreateProcessA 14698->14699 14700 73b8183 14699->14700 14702 73b7f38 CreateProcessA 14701->14702 14704 73b8183 14702->14704 14706 73b7a58 ResumeThread 14705->14706 14708 73b7a89 14706->14708 14708->14673 14710 73b7a18 ResumeThread 14709->14710 14712 73b7a89 14710->14712 14712->14673

                                                              Executed Functions

                                                              Function 073B9210 Relevance: .1, Instructions: 131COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 402e75ef10a53f93cc2fc634a2de4caed3ea393cdc7fc424b767586230f4c1d4
                                                              • Instruction ID: 5df8fe197d7b5b9fbadfb816e45c48a6b1eddaae2cc5a3d45f0a7bd3c3037055
                                                              • Opcode Fuzzy Hash: 402e75ef10a53f93cc2fc634a2de4caed3ea393cdc7fc424b767586230f4c1d4
                                                              • Instruction Fuzzy Hash: DB512CB1D10219CBEB24CF66CC44BD9B7B6BF99300F1081A6961DAB654EB706AC5CF40
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B9201 Relevance: .1, Instructions: 121COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1f3889644830b7bb12573a571533c819250c65a4eda931326a53b0e04c4ca2e7
                                                              • Instruction ID: 8ca09b05a2d5373fbf4151db0c2684eecb197fa912dc96d3ad729ea0df0d69e0
                                                              • Opcode Fuzzy Hash: 1f3889644830b7bb12573a571533c819250c65a4eda931326a53b0e04c4ca2e7
                                                              • Instruction Fuzzy Hash: 98513CB1D1021ACBEB24CF66CC447D9B7F6BF99300F1081AA9519AB654EB705AC5CF80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7F2C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 248processCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 0 73b7f2c-73b7fcd 3 73b7fcf-73b7fd9 0->3 4 73b8006-73b8026 0->4 3->4 5 73b7fdb-73b7fdd 3->5 9 73b8028-73b8032 4->9 10 73b805f-73b808e 4->10 6 73b7fdf-73b7fe9 5->6 7 73b8000-73b8003 5->7 11 73b7feb 6->11 12 73b7fed-73b7ffc 6->12 7->4 9->10 13 73b8034-73b8036 9->13 20 73b8090-73b809a 10->20 21 73b80c7-73b8181 CreateProcessA 10->21 11->12 12->12 14 73b7ffe 12->14 15 73b8059-73b805c 13->15 16 73b8038-73b8042 13->16 14->7 15->10 18 73b8046-73b8055 16->18 19 73b8044 16->19 18->18 22 73b8057 18->22 19->18 20->21 23 73b809c-73b809e 20->23 32 73b818a-73b8210 21->32 33 73b8183-73b8189 21->33 22->15 25 73b80c1-73b80c4 23->25 26 73b80a0-73b80aa 23->26 25->21 27 73b80ae-73b80bd 26->27 28 73b80ac 26->28 27->27 30 73b80bf 27->30 28->27 30->25 43 73b8212-73b8216 32->43 44 73b8220-73b8224 32->44 33->32 43->44 47 73b8218 43->47 45 73b8226-73b822a 44->45 46 73b8234-73b8238 44->46 45->46 48 73b822c 45->48 49 73b823a-73b823e 46->49 50 73b8248-73b824c 46->50 47->44 48->46 49->50 51 73b8240 49->51 52 73b825e-73b8265 50->52 53 73b824e-73b8254 50->53 51->50 54 73b827c 52->54 55 73b8267-73b8276 52->55 53->52 56 73b827d 54->56 55->54 56->56
                                                              APIs
                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 073B816E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID: 3"+`$3"+`
                                                              • API String ID: 963392458-1501314970
                                                              • Opcode ID: 9952af2321328f666469e350d7c40ea9adb843c5b82f94b586de8d7bc570af68
                                                              • Instruction ID: 575cc4867769c01d4f38ccf2961d18081854061705dbc4b659ad3bc9003f7d26
                                                              • Opcode Fuzzy Hash: 9952af2321328f666469e350d7c40ea9adb843c5b82f94b586de8d7bc570af68
                                                              • Instruction Fuzzy Hash: A8A18CB1D00619DFEB20CFA8C880BEDBBB6FF48314F048569D918A7640DB759985CF92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7F38 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 243processCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 58 73b7f38-73b7fcd 60 73b7fcf-73b7fd9 58->60 61 73b8006-73b8026 58->61 60->61 62 73b7fdb-73b7fdd 60->62 66 73b8028-73b8032 61->66 67 73b805f-73b808e 61->67 63 73b7fdf-73b7fe9 62->63 64 73b8000-73b8003 62->64 68 73b7feb 63->68 69 73b7fed-73b7ffc 63->69 64->61 66->67 70 73b8034-73b8036 66->70 77 73b8090-73b809a 67->77 78 73b80c7-73b8181 CreateProcessA 67->78 68->69 69->69 71 73b7ffe 69->71 72 73b8059-73b805c 70->72 73 73b8038-73b8042 70->73 71->64 72->67 75 73b8046-73b8055 73->75 76 73b8044 73->76 75->75 79 73b8057 75->79 76->75 77->78 80 73b809c-73b809e 77->80 89 73b818a-73b8210 78->89 90 73b8183-73b8189 78->90 79->72 82 73b80c1-73b80c4 80->82 83 73b80a0-73b80aa 80->83 82->78 84 73b80ae-73b80bd 83->84 85 73b80ac 83->85 84->84 87 73b80bf 84->87 85->84 87->82 100 73b8212-73b8216 89->100 101 73b8220-73b8224 89->101 90->89 100->101 104 73b8218 100->104 102 73b8226-73b822a 101->102 103 73b8234-73b8238 101->103 102->103 105 73b822c 102->105 106 73b823a-73b823e 103->106 107 73b8248-73b824c 103->107 104->101 105->103 106->107 108 73b8240 106->108 109 73b825e-73b8265 107->109 110 73b824e-73b8254 107->110 108->107 111 73b827c 109->111 112 73b8267-73b8276 109->112 110->109 113 73b827d 111->113 112->111 113->113
                                                              APIs
                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 073B816E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID: 3"+`$3"+`
                                                              • API String ID: 963392458-1501314970
                                                              • Opcode ID: c7bc31ac90f6be6942c47316d5b5232021a19059c4f1bc9343b5b035083371e4
                                                              • Instruction ID: d0e529052d00cce18b8da4cb0055d9f29661ee97f11a99ed13d2078b4bbfdde1
                                                              • Opcode Fuzzy Hash: c7bc31ac90f6be6942c47316d5b5232021a19059c4f1bc9343b5b035083371e4
                                                              • Instruction Fuzzy Hash: 3F917CB1D00619DFEF20CFA8C8807EDBBB6BF48314F048569D919A7640DB759985CF92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00D83E5C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 115 d83e5c-d854c9 CreateActCtxA 118 d854cb-d854d1 115->118 119 d854d2-d8552c 115->119 118->119 126 d8553b-d8553f 119->126 127 d8552e-d85531 119->127 128 d85550 126->128 129 d85541-d8554d 126->129 127->126 131 d85551 128->131 129->128 131->131
                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 00D854B9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.394642817.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d80000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID: 3"+`
                                                              • API String ID: 2289755597-3285288684
                                                              • Opcode ID: f948224d7916664446b9fccc3b43258a063f51967a728837c5741ddb1f42218a
                                                              • Instruction ID: bcc5163a1da08080a7f46a89a0bf7aee96dd1b177c8ee076c56976e0d9a7114a
                                                              • Opcode Fuzzy Hash: f948224d7916664446b9fccc3b43258a063f51967a728837c5741ddb1f42218a
                                                              • Instruction Fuzzy Hash: 4541F2B0C00718CFDB24DF99C9447CEBBB6BF49308F248469D419AB255D7756989CFA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00D85403 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 92COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 132 d85403-d854c9 CreateActCtxA 134 d854cb-d854d1 132->134 135 d854d2-d8552c 132->135 134->135 142 d8553b-d8553f 135->142 143 d8552e-d85531 135->143 144 d85550 142->144 145 d85541-d8554d 142->145 143->142 147 d85551 144->147 145->144 147->147
                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 00D854B9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.394642817.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d80000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID: 3"+`
                                                              • API String ID: 2289755597-3285288684
                                                              • Opcode ID: 07a37e67cfcbf99fb06b7d06d2edf1e23bf26458989ac7e5d12b02ec42347b9c
                                                              • Instruction ID: 9d2872c6074d0535a0933453c2239e21c4b9131e51c71a30d56eb89c621ec5f9
                                                              • Opcode Fuzzy Hash: 07a37e67cfcbf99fb06b7d06d2edf1e23bf26458989ac7e5d12b02ec42347b9c
                                                              • Instruction Fuzzy Hash: F44112B0C00719CFDB14DFA9C8847CDBBB6BF48308F248469D418AB255DB75698ACFA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7C58 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71injectionCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 148 73b7c58-73b7cae 150 73b7cbe-73b7cfd WriteProcessMemory 148->150 151 73b7cb0-73b7cbc 148->151 153 73b7cff-73b7d05 150->153 154 73b7d06-73b7d36 150->154 151->150 153->154
                                                              APIs
                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 073B7CF0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID: 3"+`
                                                              • API String ID: 3559483778-3285288684
                                                              • Opcode ID: b70d56f71dd4737dad8a746bad68519c376ba339deb9a4d958ead33daa707738
                                                              • Instruction ID: 64823d07e567b5b2ba39549f8aec5af59713f0e0733ac587821e0153859dbb00
                                                              • Opcode Fuzzy Hash: b70d56f71dd4737dad8a746bad68519c376ba339deb9a4d958ead33daa707738
                                                              • Instruction Fuzzy Hash: AA2157B19003599FCB10CFA9C8847EEBBB5FF48354F14842AE919A7640D7789954CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7D48 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 70COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 158 73b7d48-73b7ddd ReadProcessMemory 163 73b7ddf-73b7de5 158->163 164 73b7de6-73b7e16 158->164 163->164
                                                              APIs
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 073B7DD0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessRead
                                                              • String ID: 3"+`
                                                              • API String ID: 1726664587-3285288684
                                                              • Opcode ID: 83e38587315d859f0fd0471f1056e926f90bbcc87b3c2c7c0cea47a5090b511b
                                                              • Instruction ID: b3aacb63fc44d3da7742aebc3ee7f27a7ac6058f27a7df84cd6f01186e6a4bea
                                                              • Opcode Fuzzy Hash: 83e38587315d859f0fd0471f1056e926f90bbcc87b3c2c7c0cea47a5090b511b
                                                              • Instruction Fuzzy Hash: 182128B1C003599FDB10CFA9C8446EEFBB5FF48354F54842AE519A3640D7749954CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7C60 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69injectionCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 168 73b7c60-73b7cae 170 73b7cbe-73b7cfd WriteProcessMemory 168->170 171 73b7cb0-73b7cbc 168->171 173 73b7cff-73b7d05 170->173 174 73b7d06-73b7d36 170->174 171->170 173->174
                                                              APIs
                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 073B7CF0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID: 3"+`
                                                              • API String ID: 3559483778-3285288684
                                                              • Opcode ID: 351def0b9eb74c0707e1f7774b437bb586d16fe27d03169e37233f5d012432b0
                                                              • Instruction ID: 7f421d9266d941ec4904a807bbe61f95a93320977d7a9610911d9f571eb87f69
                                                              • Opcode Fuzzy Hash: 351def0b9eb74c0707e1f7774b437bb586d16fe27d03169e37233f5d012432b0
                                                              • Instruction Fuzzy Hash: CC2128B19003599FCB10CFA9C8847DEBBF5FF48354F10842AE919A7740D7789954CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7AC0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65threadinjectionCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 178 73b7ac0-73b7b13 180 73b7b23-73b7b53 SetThreadContext 178->180 181 73b7b15-73b7b21 178->181 183 73b7b5c-73b7b8c 180->183 184 73b7b55-73b7b5b 180->184 181->180 184->183
                                                              APIs
                                                              • SetThreadContext.KERNELBASE(?,00000000), ref: 073B7B46
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: ContextThread
                                                              • String ID: 3"+`
                                                              • API String ID: 1591575202-3285288684
                                                              • Opcode ID: 8597bb646bd0dc848dd33b1dd541019504a7a067f43a94d77451904c68d3ca35
                                                              • Instruction ID: 205e4e0956aa84426f386b68746277c190146b8329f300177e8c3acefc9fb37f
                                                              • Opcode Fuzzy Hash: 8597bb646bd0dc848dd33b1dd541019504a7a067f43a94d77451904c68d3ca35
                                                              • Instruction Fuzzy Hash: 772168B1D003199FDB10CFA9C4847EEBBF4EF98364F14842AD528A7640DB789984CFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7AC8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63threadinjectionCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 188 73b7ac8-73b7b13 190 73b7b23-73b7b53 SetThreadContext 188->190 191 73b7b15-73b7b21 188->191 193 73b7b5c-73b7b8c 190->193 194 73b7b55-73b7b5b 190->194 191->190 194->193
                                                              APIs
                                                              • SetThreadContext.KERNELBASE(?,00000000), ref: 073B7B46
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: ContextThread
                                                              • String ID: 3"+`
                                                              • API String ID: 1591575202-3285288684
                                                              • Opcode ID: 16b249d21ca92faf18a0e79eaa8bc505e90a74218b77c48ccc671682aa730193
                                                              • Instruction ID: 1b6afd47294c704548dff5b30a595feead7674a9b4ff44cf4c6ceddfc0ad9863
                                                              • Opcode Fuzzy Hash: 16b249d21ca92faf18a0e79eaa8bc505e90a74218b77c48ccc671682aa730193
                                                              • Instruction Fuzzy Hash: 672138B1D003099FDB10CFA9C4847EEBBF5EF98364F14842AD519A7640DB78A944CFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7D50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 198 73b7d50-73b7ddd ReadProcessMemory 201 73b7ddf-73b7de5 198->201 202 73b7de6-73b7e16 198->202 201->202
                                                              APIs
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 073B7DD0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessRead
                                                              • String ID: 3"+`
                                                              • API String ID: 1726664587-3285288684
                                                              • Opcode ID: 7fdc7d3ebcd56eae74f963809fc98b2d00dc91fe28014a195fd8ae02c0e3df0f
                                                              • Instruction ID: 83cadc7fabc809035b9c9cdf64b16a14a8293ffe04fc81ce1a55ee24f9937cd8
                                                              • Opcode Fuzzy Hash: 7fdc7d3ebcd56eae74f963809fc98b2d00dc91fe28014a195fd8ae02c0e3df0f
                                                              • Instruction Fuzzy Hash: F62119B1D003599FCB10CFA9C8447EEBBB5FF48354F50842AE519A7240D7789954CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7B98 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57memoryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 206 73b7b98-73b7be3 209 73b7bea-73b7c1b VirtualAllocEx 206->209 210 73b7c1d-73b7c23 209->210 211 73b7c24-73b7c49 209->211 210->211
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 073B7C0E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID: 3"+`
                                                              • API String ID: 4275171209-3285288684
                                                              • Opcode ID: d9e917010fc80de482f14ea5d35bc6f588e07ace648bb4bd475638ecf26865dc
                                                              • Instruction ID: 7030daf3778adb3ee71fd49a090ffa74b268ebf6bf3939875b28d9e53a76eba8
                                                              • Opcode Fuzzy Hash: d9e917010fc80de482f14ea5d35bc6f588e07ace648bb4bd475638ecf26865dc
                                                              • Instruction Fuzzy Hash: BA2167B19003499FCB10CFA9C8447DFBBF9EF48324F14881AE925A7600D7799954CFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7BA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53memoryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 224 73b7ba0-73b7c1b VirtualAllocEx 227 73b7c1d-73b7c23 224->227 228 73b7c24-73b7c49 224->228 227->228
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 073B7C0E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID: 3"+`
                                                              • API String ID: 4275171209-3285288684
                                                              • Opcode ID: 0fc59a854a075917ad97bb84983d608d0826b851636dec0059b499f17951e854
                                                              • Instruction ID: 658833264ff76f6878b9508033f62901a8c896a2de8e53b70bbbe7c3a774dfb0
                                                              • Opcode Fuzzy Hash: 0fc59a854a075917ad97bb84983d608d0826b851636dec0059b499f17951e854
                                                              • Instruction Fuzzy Hash: 701137719002499FCF10CFA9C8447DFBBF9EF88324F14881AE529A7650D775A954CFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7A10 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53threadCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 215 73b7a10-73b7a87 ResumeThread 219 73b7a89-73b7a8f 215->219 220 73b7a90-73b7ab5 215->220 219->220
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID: 3"+`
                                                              • API String ID: 947044025-3285288684
                                                              • Opcode ID: bab2e111877575248d5c10a2bddc9639688cb3210775a6f442df822fce71a813
                                                              • Instruction ID: f449135425c702eb85b5a9b3329885a638bdd7c32c34820f1c891bdcc36952bf
                                                              • Opcode Fuzzy Hash: bab2e111877575248d5c10a2bddc9639688cb3210775a6f442df822fce71a813
                                                              • Instruction Fuzzy Hash: 5A113AB59003498FDB10DFA9C4447DFFBF8EF48254F14881AD429A7640D775A944CBA5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B7A18 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49threadCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 232 73b7a18-73b7a87 ResumeThread 235 73b7a89-73b7a8f 232->235 236 73b7a90-73b7ab5 232->236 235->236
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID: 3"+`
                                                              • API String ID: 947044025-3285288684
                                                              • Opcode ID: b229a0dd20f7ccbe001fe4092442cf58e1ed84f00c7e8de1ff56e90976b87295
                                                              • Instruction ID: fbd7ab1f061cd6909cd675af9d1da203c1924e188463c40dcf176485408d3d3b
                                                              • Opcode Fuzzy Hash: b229a0dd20f7ccbe001fe4092442cf58e1ed84f00c7e8de1ff56e90976b87295
                                                              • Instruction Fuzzy Hash: CC1128B1D003498FDB10DFA9C8447DFFBF9EB88268F14881AD529A7740D778A944CBA5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B6B3C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47windowCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 240 73b6b3c-73ba5ea PostMessageW 242 73ba5ec-73ba5f2 240->242 243 73ba5f3-73ba607 240->243 242->243
                                                              APIs
                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 073BA5DD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: MessagePost
                                                              • String ID: 3"+`
                                                              • API String ID: 410705778-3285288684
                                                              • Opcode ID: 85a294d9b2beb63c13e039c78c6ea3ec210f549625e6ad89331f0f4cd1dc9846
                                                              • Instruction ID: 07e303b47f418ec0955b126c3482e5c51ead5d4f73b930fc65caa093af1492f7
                                                              • Opcode Fuzzy Hash: 85a294d9b2beb63c13e039c78c6ea3ec210f549625e6ad89331f0f4cd1dc9846
                                                              • Instruction Fuzzy Hash: 25110AB58007499FDB10CF99D485BDEBBF8EB48324F10841AE554A7700D375AA94CFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00D0D01C Relevance: .1, Instructions: 72COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.394404275.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d0d000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f7f9c878dca40c7f05efbd091cd9e464b8dd462e274fa2f77bdc5215df691c9e
                                                              • Instruction ID: c46a44bda363d196a75f23fe253a50c592c5a252cb5ec5070d1651d87a6e9269
                                                              • Opcode Fuzzy Hash: f7f9c878dca40c7f05efbd091cd9e464b8dd462e274fa2f77bdc5215df691c9e
                                                              • Instruction Fuzzy Hash: 0121C275604240EFDB14DF94D9C4B16BB66FB88324F24C96EE84E4B286C33BD846CA71
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00D0D005 Relevance: .1, Instructions: 62COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.394404275.0000000000D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D0D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d0d000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 10a7a72c708cac70bb1b1f012a5dd4cf60565006c5786eb0d52bf3507e69696f
                                                              • Instruction ID: cd100059033fc7f300745ac80becc944c4fa8cfc730ca8cef0c717f5c1264872
                                                              • Opcode Fuzzy Hash: 10a7a72c708cac70bb1b1f012a5dd4cf60565006c5786eb0d52bf3507e69696f
                                                              • Instruction Fuzzy Hash: 862180755093C08FCB12CF24D994715BF71EB46314F28C5EBD8498B697C33A984ACB62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Function 073B362D Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: UUUU$p~
                                                              • API String ID: 0-1128500308
                                                              • Opcode ID: b75ba0e5714aeb30aed55233fa8ee75cc4be64e6c1a494b567c3fb22efd15db4
                                                              • Instruction ID: f72118192eb5589c5dcf584f118abf0da5983ddb3a4cca2d42649151dc58555a
                                                              • Opcode Fuzzy Hash: b75ba0e5714aeb30aed55233fa8ee75cc4be64e6c1a494b567c3fb22efd15db4
                                                              • Instruction Fuzzy Hash: F1517B70E112288FEBA0CF69C981B8DBBF2BB48314F1486E9D11CE7255DB309A85CF05
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00D875D1 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.394642817.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d80000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: M
                                                              • API String ID: 0-3664761504
                                                              • Opcode ID: 254d07e48d703c9a0ca762c7c3a43e01b6bc38cafc14a204cb891b82fb18cc92
                                                              • Instruction ID: 9276579101d4232f94b99636616279b428a2ad3debe7333db60d3d36ef0ea39e
                                                              • Opcode Fuzzy Hash: 254d07e48d703c9a0ca762c7c3a43e01b6bc38cafc14a204cb891b82fb18cc92
                                                              • Instruction Fuzzy Hash: 7A515B71E056598BEB28DF6B8D4469DFBF3AFC9304F18C1BAC40CAA255EB3059428F51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00D875E0 Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.394642817.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d80000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: M
                                                              • API String ID: 0-3664761504
                                                              • Opcode ID: dd3f0660b8bbce21cb12fd72f04d455dc7719b72f013a7f71f7e8d8671b102f6
                                                              • Instruction ID: bced36e81892da18bd083e7750254e18289daaa3a84ed8dd665a1cc5ce396c23
                                                              • Opcode Fuzzy Hash: dd3f0660b8bbce21cb12fd72f04d455dc7719b72f013a7f71f7e8d8671b102f6
                                                              • Instruction Fuzzy Hash: 85515D71E056598BEB28DF6BCD44799FAF3AFC8304F18C1BA844CAA254DB304982CF11
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00D8738B Relevance: .1, Instructions: 143COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.394642817.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d80000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 67745b256f70892c33cfb1d1b50201c01532cf20d124c54d27e6f1cdc944d72e
                                                              • Instruction ID: 98407dd05eb5c0465341a1ec7539667e460ae1e1ba821ca44cf7cc1c00c33a22
                                                              • Opcode Fuzzy Hash: 67745b256f70892c33cfb1d1b50201c01532cf20d124c54d27e6f1cdc944d72e
                                                              • Instruction Fuzzy Hash: B95171B1A00208CFDB44EFB5E850BDE7BB2AB85304F14C929D1089B365FB3599058FA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00D87390 Relevance: .1, Instructions: 141COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.394642817.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d80000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a70a9671b2f8f689fbc7b6be47bc090266951ec4d4e71f0bf74c11910db1e181
                                                              • Instruction ID: 63bf490498a51d3961f52515fe175b5f0db8ec6ce321e8d59fc088f1a5fafa5d
                                                              • Opcode Fuzzy Hash: a70a9671b2f8f689fbc7b6be47bc090266951ec4d4e71f0bf74c11910db1e181
                                                              • Instruction Fuzzy Hash: 7D5160B1A00208CFDB44EFA9E851BDE7BB6AB85304F14C929D1089B365FB3599058FA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B0006 Relevance: .1, Instructions: 123COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c776c92cf030bba8184556f880f74e59e1c3f9868396ba7a2d325731e9109455
                                                              • Instruction ID: 0a82546bd0bd1e14871de147749cd7c9eee41e4dcc6762656fff94691307e223
                                                              • Opcode Fuzzy Hash: c776c92cf030bba8184556f880f74e59e1c3f9868396ba7a2d325731e9109455
                                                              • Instruction Fuzzy Hash: D9516CB1D056598BE76DCF6B8C5028AFBF7AFC5200F18C1FAC50CAA265EB3449858F11
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B0014 Relevance: .1, Instructions: 118COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 25cbe86369259896be40f58e14abcb3f6b3b7b08dea2d879b7a7c8f4a631ea9f
                                                              • Instruction ID: dee5ca589d8d87acc55334c86aae3fdf30952c0973ac3480fb9cc616a693da66
                                                              • Opcode Fuzzy Hash: 25cbe86369259896be40f58e14abcb3f6b3b7b08dea2d879b7a7c8f4a631ea9f
                                                              • Instruction Fuzzy Hash: 194161B1D056558BEB6DCF678C4028AFBF7AFC5200F18C1FAC50CAA255DB3449458F15
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B0040 Relevance: .1, Instructions: 108COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0ab6f9b8c6dc7774598b32439b3df2579e5fc6acfe2d5aa344dd954130a7bec3
                                                              • Instruction ID: 270d546f0890e5bef36334c48819c76bcb1df55fa74775262ee98de385d8f45c
                                                              • Opcode Fuzzy Hash: 0ab6f9b8c6dc7774598b32439b3df2579e5fc6acfe2d5aa344dd954130a7bec3
                                                              • Instruction Fuzzy Hash: 704144B1E016588BEB6CCF6B8D4078AFAF7BFC9200F14C1BA850CAA255DB3049858F15
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 073B9678 Relevance: .0, Instructions: 34COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.399511994.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_73b0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 89d930578d6ba066095ff1be51af6e7e119ec31dd37e0c3a16c1cfb14768b1b1
                                                              • Instruction ID: 758c141a4ee3b21d11b03d1288c44b6448a277dbd6ba8f1a9913a348c526aac8
                                                              • Opcode Fuzzy Hash: 89d930578d6ba066095ff1be51af6e7e119ec31dd37e0c3a16c1cfb14768b1b1
                                                              • Instruction Fuzzy Hash: DFF0E7B0D5A12CCBEB64CF58D845BECB7B8AB06711F4014D5D30CA3A81C335AA84CF11
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Execution Graph

                                                              Execution Coverage:10.4%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:0%
                                                              Total number of Nodes:100
                                                              Total number of Limit Nodes:5
                                                              execution_graph 37192 2ca15a8 37193 2ca15d7 37192->37193 37196 2ca130c 37193->37196 37195 2ca16fc 37197 2ca1317 37196->37197 37201 2ca3699 37197->37201 37206 2ca36a8 37197->37206 37198 2ca1c8a 37198->37195 37202 2ca36d2 37201->37202 37203 2ca3779 37202->37203 37211 2ca5072 37202->37211 37214 2ca5080 37202->37214 37207 2ca36d2 37206->37207 37208 2ca3779 37207->37208 37209 2ca5072 CreateWindowExW 37207->37209 37210 2ca5080 CreateWindowExW 37207->37210 37209->37208 37210->37208 37212 2ca50b5 37211->37212 37217 2ca35b4 37211->37217 37212->37203 37215 2ca35b4 CreateWindowExW 37214->37215 37216 2ca50b5 37215->37216 37216->37203 37218 2ca50d0 CreateWindowExW 37217->37218 37220 2ca51f4 37218->37220 37221 2ca6ba8 DuplicateHandle 37222 2ca6c3e 37221->37222 37223 2c4d01c 37224 2c4d034 37223->37224 37225 2c4d08e 37224->37225 37230 2ca5288 37224->37230 37234 2ca7bc0 37224->37234 37242 2ca35dc 37224->37242 37250 2ca5278 37224->37250 37231 2ca52ae 37230->37231 37232 2ca35dc CallWindowProcW 37231->37232 37233 2ca52cf 37232->37233 37233->37225 37237 2ca7bfd 37234->37237 37235 2ca7c31 37262 2ca77cc 37235->37262 37237->37235 37238 2ca7c21 37237->37238 37254 2ca7d48 37238->37254 37258 2ca7d58 37238->37258 37239 2ca7c2f 37243 2ca35e7 37242->37243 37244 2ca7c31 37243->37244 37246 2ca7c21 37243->37246 37245 2ca77cc CallWindowProcW 37244->37245 37247 2ca7c2f 37245->37247 37248 2ca7d48 CallWindowProcW 37246->37248 37249 2ca7d58 CallWindowProcW 37246->37249 37248->37247 37249->37247 37251 2ca5288 37250->37251 37252 2ca35dc CallWindowProcW 37251->37252 37253 2ca52cf 37252->37253 37253->37225 37256 2ca7d66 37254->37256 37255 2ca77cc CallWindowProcW 37255->37256 37256->37255 37257 2ca7e4f 37256->37257 37257->37239 37259 2ca7d66 37258->37259 37260 2ca77cc CallWindowProcW 37259->37260 37261 2ca7e4f 37259->37261 37260->37259 37261->37239 37263 2ca77d7 37262->37263 37264 2ca7f1a CallWindowProcW 37263->37264 37265 2ca7ec9 37263->37265 37264->37265 37265->37239 37266 2cab791 37267 2cab732 37266->37267 37269 2cab79a 37266->37269 37271 2cab97a 37267->37271 37268 2cab74d 37272 2cab983 37271->37272 37277 2caba4f 37271->37277 37282 2cabb76 37271->37282 37287 2caba60 37271->37287 37292 2cabb5c 37271->37292 37272->37268 37278 2caba60 37277->37278 37279 2cabb9b 37278->37279 37297 2cabe68 37278->37297 37302 2cabe57 37278->37302 37283 2cabb89 37282->37283 37284 2cabb9b 37282->37284 37285 2cabe68 2 API calls 37283->37285 37286 2cabe57 2 API calls 37283->37286 37285->37284 37286->37284 37288 2cabaa4 37287->37288 37289 2cabb9b 37288->37289 37290 2cabe68 2 API calls 37288->37290 37291 2cabe57 2 API calls 37288->37291 37290->37289 37291->37289 37293 2cabb0f 37292->37293 37294 2cabb9b 37293->37294 37295 2cabe68 2 API calls 37293->37295 37296 2cabe57 2 API calls 37293->37296 37295->37294 37296->37294 37298 2cabe76 37297->37298 37307 2cabeb8 37298->37307 37311 2cabea9 37298->37311 37299 2cabe86 37299->37279 37303 2cabe68 37302->37303 37305 2cabeb8 RtlEncodePointer 37303->37305 37306 2cabea9 RtlEncodePointer 37303->37306 37304 2cabe86 37304->37279 37305->37304 37306->37304 37308 2cabef2 37307->37308 37309 2cabf1c RtlEncodePointer 37308->37309 37310 2cabf45 37308->37310 37309->37310 37310->37299 37312 2cabef2 37311->37312 37313 2cabf1c RtlEncodePointer 37312->37313 37314 2cabf45 37312->37314 37313->37314 37314->37299

                                                              Executed Functions

                                                              Function 06112654 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 0 6112654-611b557 2 611b5c2-611b5c6 0->2 3 611b559-611b584 0->3 4 611b5f1-611b5fc 2->4 5 611b5c8-611b5eb 2->5 10 611b5b4 3->10 11 611b586-611b588 3->11 7 611b608-611b643 GetUserNameW 4->7 8 611b5fe-611b606 4->8 5->4 12 611b645-611b64b 7->12 13 611b64c-611b662 7->13 8->7 18 611b5b9-611b5bc 10->18 14 611b5aa-611b5b2 11->14 15 611b58a-611b594 11->15 12->13 16 611b664-611b670 13->16 17 611b678-611b69f 13->17 14->18 21 611b596 15->21 22 611b598-611b5a6 15->22 16->17 25 611b6a1-611b6a5 17->25 26 611b6af 17->26 18->2 21->22 22->22 27 611b5a8 22->27 25->26 28 611b6a7 25->28 29 611b6b0 26->29 27->14 28->26 29->29
                                                              APIs
                                                              • GetUserNameW.ADVAPI32(00000000,00000000), ref: 0611B633
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.610032841.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_6110000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: NameUser
                                                              • String ID:
                                                              • API String ID: 2645101109-0
                                                              • Opcode ID: 5949ef6c78e9d4073cf36213c10371b761d65574d78e2d8a55b542a585e23ecb
                                                              • Instruction ID: 7b859062d49ffecb624c9fdadf241a6a99ca21d6552b78a16ba1ba98ae1461db
                                                              • Opcode Fuzzy Hash: 5949ef6c78e9d4073cf36213c10371b761d65574d78e2d8a55b542a585e23ecb
                                                              • Instruction Fuzzy Hash: 6C5112B4D142688FDB58CFA9C884BDDBBB1BF48314F148529E819BB790DB749844CF91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01242618 Relevance: .4, Instructions: 441COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2371ccfc1c675b884cd9ea379eb3fee7a51d4288662acab7af69033a32e14c72
                                                              • Instruction ID: 224713260d06b9e2becd9edfb43726022ec5d1ec568b6d9ce453033e833206d3
                                                              • Opcode Fuzzy Hash: 2371ccfc1c675b884cd9ea379eb3fee7a51d4288662acab7af69033a32e14c72
                                                              • Instruction Fuzzy Hash: 75025C31A10119DFDB19CFAAD984AADBBF6FF88304F158469F915AB261D730DC41CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01242020 Relevance: .4, Instructions: 432COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 60b0d2ef111395cb5409fcd506025d9d728cc3d3ca09a5a9f06a62a7b70d097b
                                                              • Instruction ID: 264a6f9a8008725509211e68c7e01b309b9a781603f06905d8929c362f2e6f56
                                                              • Opcode Fuzzy Hash: 60b0d2ef111395cb5409fcd506025d9d728cc3d3ca09a5a9f06a62a7b70d097b
                                                              • Instruction Fuzzy Hash: D8F1AD70A101598FCB19DFA9D894BAEBBF6AF88304F108469E506EB395DF34DC41CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0611B4EC Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 30 611b4ec-611b557 32 611b5c2-611b5c6 30->32 33 611b559-611b584 30->33 34 611b5f1-611b5fc 32->34 35 611b5c8-611b5eb 32->35 40 611b5b4 33->40 41 611b586-611b588 33->41 37 611b608-611b643 GetUserNameW 34->37 38 611b5fe-611b606 34->38 35->34 42 611b645-611b64b 37->42 43 611b64c-611b662 37->43 38->37 48 611b5b9-611b5bc 40->48 44 611b5aa-611b5b2 41->44 45 611b58a-611b594 41->45 42->43 46 611b664-611b670 43->46 47 611b678-611b69f 43->47 44->48 51 611b596 45->51 52 611b598-611b5a6 45->52 46->47 55 611b6a1-611b6a5 47->55 56 611b6af 47->56 48->32 51->52 52->52 57 611b5a8 52->57 55->56 58 611b6a7 55->58 59 611b6b0 56->59 57->44 58->56 59->59
                                                              APIs
                                                              • GetUserNameW.ADVAPI32(00000000,00000000), ref: 0611B633
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.610032841.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_6110000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: NameUser
                                                              • String ID:
                                                              • API String ID: 2645101109-0
                                                              • Opcode ID: c25e87c4a96da99b2f65730144da6418aa306079c0787912fc3979033cfc4534
                                                              • Instruction ID: 98d92d708e11ed47bb129c45cae596f46d5a14afdd4a5d7523afa286a4857841
                                                              • Opcode Fuzzy Hash: c25e87c4a96da99b2f65730144da6418aa306079c0787912fc3979033cfc4534
                                                              • Instruction Fuzzy Hash: 31512174D142688FDB58CFA9C884BDDBBB1BF48314F148529E819BB391D774A884CF91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 06119ABC Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 60 6119abc-611b557 62 611b5c2-611b5c6 60->62 63 611b559-611b584 60->63 64 611b5f1-611b5fc 62->64 65 611b5c8-611b5eb 62->65 70 611b5b4 63->70 71 611b586-611b588 63->71 67 611b608-611b643 GetUserNameW 64->67 68 611b5fe-611b606 64->68 65->64 72 611b645-611b64b 67->72 73 611b64c-611b662 67->73 68->67 78 611b5b9-611b5bc 70->78 74 611b5aa-611b5b2 71->74 75 611b58a-611b594 71->75 72->73 76 611b664-611b670 73->76 77 611b678-611b69f 73->77 74->78 81 611b596 75->81 82 611b598-611b5a6 75->82 76->77 85 611b6a1-611b6a5 77->85 86 611b6af 77->86 78->62 81->82 82->82 87 611b5a8 82->87 85->86 88 611b6a7 85->88 89 611b6b0 86->89 87->74 88->86 89->89
                                                              APIs
                                                              • GetUserNameW.ADVAPI32(00000000,00000000), ref: 0611B633
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.610032841.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_6110000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: NameUser
                                                              • String ID:
                                                              • API String ID: 2645101109-0
                                                              • Opcode ID: dd4743bff2ecca3b468b6b37efb4fd15f50f476bcc26f1a1240b7ee55831f603
                                                              • Instruction ID: e8dc79420651f8160c6544bbcb59ab2e550f2c4c0423c900fe7b2246350035f0
                                                              • Opcode Fuzzy Hash: dd4743bff2ecca3b468b6b37efb4fd15f50f476bcc26f1a1240b7ee55831f603
                                                              • Instruction Fuzzy Hash: F8511274D142688FDB58CFA9C884BDDBBB1BF48314F148529E819BB390D7749844CF91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02CA35B4 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 90 2ca35b4-2ca5136 92 2ca5138-2ca513e 90->92 93 2ca5141-2ca5148 90->93 92->93 94 2ca514a-2ca5150 93->94 95 2ca5153-2ca51f2 CreateWindowExW 93->95 94->95 97 2ca51fb-2ca5233 95->97 98 2ca51f4-2ca51fa 95->98 102 2ca5240 97->102 103 2ca5235-2ca5238 97->103 98->97 104 2ca5241 102->104 103->102 104->104
                                                              APIs
                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02CA51E2
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.609010615.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ca0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: CreateWindow
                                                              • String ID:
                                                              • API String ID: 716092398-0
                                                              • Opcode ID: 46c2d9a888a3060ebd00856cda5d453fcd215122b345759b27e2fc547261f844
                                                              • Instruction ID: a33e584848452ec4c870b50355ea26ee70b3ad4bdd0694eaf519c4b8c1f4695d
                                                              • Opcode Fuzzy Hash: 46c2d9a888a3060ebd00856cda5d453fcd215122b345759b27e2fc547261f844
                                                              • Instruction Fuzzy Hash: B451E0B1D003099FDF14CF99D894ADEBBB5FF88354F64822AE819AB210D7749985CF90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02CA50C6 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 105 2ca50c6-2ca5136 107 2ca5138-2ca513e 105->107 108 2ca5141-2ca5148 105->108 107->108 109 2ca514a-2ca5150 108->109 110 2ca5153-2ca518b 108->110 109->110 111 2ca5193-2ca51f2 CreateWindowExW 110->111 112 2ca51fb-2ca5233 111->112 113 2ca51f4-2ca51fa 111->113 117 2ca5240 112->117 118 2ca5235-2ca5238 112->118 113->112 119 2ca5241 117->119 118->117 119->119
                                                              APIs
                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02CA51E2
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.609010615.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ca0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: CreateWindow
                                                              • String ID:
                                                              • API String ID: 716092398-0
                                                              • Opcode ID: d1551ad8efc5bc4788f118f0cbe6bb0d11f3be38ad728aec75901283843ed68a
                                                              • Instruction ID: 726fe3dfc41c03a5b26a0cdc2cd9197f44b10228d17aff55511d7e1f09fb1105
                                                              • Opcode Fuzzy Hash: d1551ad8efc5bc4788f118f0cbe6bb0d11f3be38ad728aec75901283843ed68a
                                                              • Instruction Fuzzy Hash: 0651F2B1D003099FDF14CF99D880ADEBBB5FF88354F64822AE819AB210D7749985CF90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02CA77CC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 120 2ca77cc-2ca7ebc 123 2ca7f6c-2ca7f8c call 2ca35dc 120->123 124 2ca7ec2-2ca7ec7 120->124 131 2ca7f8f-2ca7f9c 123->131 126 2ca7f1a-2ca7f52 CallWindowProcW 124->126 127 2ca7ec9-2ca7f00 124->127 128 2ca7f5b-2ca7f6a 126->128 129 2ca7f54-2ca7f5a 126->129 134 2ca7f09-2ca7f18 127->134 135 2ca7f02-2ca7f08 127->135 128->131 129->128 134->131 135->134
                                                              APIs
                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 02CA7F41
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.609010615.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ca0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: CallProcWindow
                                                              • String ID:
                                                              • API String ID: 2714655100-0
                                                              • Opcode ID: a69f27ea5aa73c060a3f1702d8823afc00c64102e71f4c4b5e48b881899091a0
                                                              • Instruction ID: 9224146310945160a127bed4fd74aa2e0fd80cb880a4ccd3adca562f7bda69cf
                                                              • Opcode Fuzzy Hash: a69f27ea5aa73c060a3f1702d8823afc00c64102e71f4c4b5e48b881899091a0
                                                              • Instruction Fuzzy Hash: BC413DB59002498FCB14CF99C848AAEFBF5FB88318F248459E419AB311D735A945CFA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02CA6BA8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 137 2ca6ba8-2ca6c3c DuplicateHandle 138 2ca6c3e-2ca6c44 137->138 139 2ca6c45-2ca6c62 137->139 138->139
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02CA6C2F
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.609010615.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ca0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              • Opcode ID: 5903b18a7356b0cbe0cf0d695193a9ccee7cdb1cb309639548f6879744e1844f
                                                              • Instruction ID: 44731ea7df93949368f97d1d8a1df3874489d5993a2bb3f06a67197cb3d0eb55
                                                              • Opcode Fuzzy Hash: 5903b18a7356b0cbe0cf0d695193a9ccee7cdb1cb309639548f6879744e1844f
                                                              • Instruction Fuzzy Hash: E321D5B59002599FDF10CF99D984ADEFBF8FB48324F14841AE914A3350D378A954CFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02CA6BA2 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 142 2ca6ba2-2ca6c3c DuplicateHandle 143 2ca6c3e-2ca6c44 142->143 144 2ca6c45-2ca6c62 142->144 143->144
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02CA6C2F
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.609010615.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ca0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              • Opcode ID: d910ee1549235840f2b049b07af6349549b76ffb269a863199cfe089326b2b6f
                                                              • Instruction ID: cb110bfffb5634e28b6346853cb3fa1541dcefceafd15f92897e269226c60e4c
                                                              • Opcode Fuzzy Hash: d910ee1549235840f2b049b07af6349549b76ffb269a863199cfe089326b2b6f
                                                              • Instruction Fuzzy Hash: A321E0B59002199FDB00CFA9D984ADEBBF8EB48324F24841AE914A3350D378A954CF60
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02CABEA9 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 147 2cabea9-2cabee9 159 2cabeec call 2cabfd9 147->159 160 2cabeec call 2cabf80 147->160 161 2cabeec call 2cabf90 147->161 148 2cabef2-2cabefa 150 2cabefc-2cabefe 148->150 151 2cabf00 148->151 152 2cabf05-2cabf10 150->152 151->152 153 2cabf12-2cabf43 RtlEncodePointer 152->153 154 2cabf71-2cabf7e 152->154 156 2cabf4c-2cabf6c 153->156 157 2cabf45-2cabf4b 153->157 156->154 157->156 159->148 160->148 161->148
                                                              APIs
                                                              • RtlEncodePointer.NTDLL(00000000), ref: 02CABF32
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.609010615.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ca0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: EncodePointer
                                                              • String ID:
                                                              • API String ID: 2118026453-0
                                                              • Opcode ID: 05c66fc071aab4389d11249202ad91e7c9a667e942e189e00e02fe61bd2204aa
                                                              • Instruction ID: d0c6e24f9b7de9a62b8ddcaca50a3351770b5171115eab6aceb6202aa97f9157
                                                              • Opcode Fuzzy Hash: 05c66fc071aab4389d11249202ad91e7c9a667e942e189e00e02fe61bd2204aa
                                                              • Instruction Fuzzy Hash: 1A2190B590130A8FDB20DFA9D9497DEBBF4FB04318F288929D419E7640D7399A48CF61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02CABEB8 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 162 2cabeb8-2cabee9 163 2cabef2-2cabefa 162->163 174 2cabeec call 2cabfd9 162->174 175 2cabeec call 2cabf80 162->175 176 2cabeec call 2cabf90 162->176 165 2cabefc-2cabefe 163->165 166 2cabf00 163->166 167 2cabf05-2cabf10 165->167 166->167 168 2cabf12-2cabf43 RtlEncodePointer 167->168 169 2cabf71-2cabf7e 167->169 171 2cabf4c-2cabf6c 168->171 172 2cabf45-2cabf4b 168->172 171->169 172->171 174->163 175->163 176->163
                                                              APIs
                                                              • RtlEncodePointer.NTDLL(00000000), ref: 02CABF32
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.609010615.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ca0000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID: EncodePointer
                                                              • String ID:
                                                              • API String ID: 2118026453-0
                                                              • Opcode ID: fdc9736b6aa416d21c1ca4b1a76d9c4781fa1a5ee68608d2b697b6aef6b0aa5f
                                                              • Instruction ID: 73ff688e7d7e9d58f1475843466a7b055e7191a9dd11fcc4b33b5bc040cf56a8
                                                              • Opcode Fuzzy Hash: fdc9736b6aa416d21c1ca4b1a76d9c4781fa1a5ee68608d2b697b6aef6b0aa5f
                                                              • Instruction Fuzzy Hash: 15119DB590030A8FDB10DFA9D9087DEBBF4FB44318F248429E419E7640D779AA48CF61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01243E28 Relevance: .8, Instructions: 819COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 326 1243e28-1244316 401 124431c-124432c 326->401 402 1244868-124489d 326->402 401->402 403 1244332-1244342 401->403 406 124489f-12448a4 402->406 407 12448a9-12448c7 402->407 403->402 405 1244348-1244358 403->405 405->402 408 124435e-124436e 405->408 410 124498e-1244993 406->410 419 124493e-124494a 407->419 420 12448c9-12448d3 407->420 408->402 409 1244374-1244384 408->409 409->402 411 124438a-124439a 409->411 411->402 413 12443a0-12443b0 411->413 413->402 414 12443b6-12443c6 413->414 414->402 416 12443cc-12443dc 414->416 416->402 418 12443e2-12443f2 416->418 418->402 421 12443f8-1244867 418->421 426 1244961-124496d 419->426 427 124494c-1244958 419->427 420->419 425 12448d5-12448e1 420->425 434 1244906-1244909 425->434 435 12448e3-12448ee 425->435 432 1244984-1244986 426->432 433 124496f-124497b 426->433 427->426 437 124495a-124495f 427->437 432->410 433->432 446 124497d-1244982 433->446 438 1244920-124492c 434->438 439 124490b-1244917 434->439 435->434 448 12448f0-12448fa 435->448 437->410 441 1244994-12449e0 438->441 442 124492e-1244935 438->442 439->438 450 1244919-124491e 439->450 545 12449e3 call 1244b57 441->545 546 12449e3 call 1244b68 441->546 442->441 447 1244937-124493c 442->447 446->410 447->410 448->434 455 12448fc-1244901 448->455 450->410 455->410 456 12449e9-12449f0 458 12449f2-12449fd 456->458 459 1244a03-1244a0e 456->459 458->459 463 1244a86-1244ad8 458->463 464 1244a14-1244a83 459->464 465 1244adf-1244b1b 459->465 463->465 478 1244b22-1244b24 465->478 479 1244b1d call 1243890 465->479 482 1244b35-1244b43 478->482 483 1244b26-1244b33 478->483 479->478 489 1244b45-1244b4f 482->489 490 1244b51 482->490 491 1244b53-1244b56 483->491 489->491 490->491 545->456 546->456
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dfcc9355dc19fa7b663fa9375a5cf52a1f1060125ae6daa9a02ad9c7625fe579
                                                              • Instruction ID: 969f27831b6308342a0a225dfc7c4468d8c9c587aeab65a346f33489c6d2a379
                                                              • Opcode Fuzzy Hash: dfcc9355dc19fa7b663fa9375a5cf52a1f1060125ae6daa9a02ad9c7625fe579
                                                              • Instruction Fuzzy Hash: 15729234A0415C8FEB25EBA4C850BDEBBB6EF89304F1084A9C10A6B395DF359D45EF91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01244B68 Relevance: .4, Instructions: 409COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 34ab12244c54c0159b2dd65ae4457265b9842eba93002d896eb634f3b3a7d5c2
                                                              • Instruction ID: a477226ae4c6c15f1beb81b7c9864881255bfdb2a9fef0c4deefb2a3f3b9ab07
                                                              • Opcode Fuzzy Hash: 34ab12244c54c0159b2dd65ae4457265b9842eba93002d896eb634f3b3a7d5c2
                                                              • Instruction Fuzzy Hash: 30F14A71A10155CFCB19DFADC488AADBBF6FF98310B1A84A9E515AB361CB30EC41CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 012433E2 Relevance: .4, Instructions: 380COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 889067024b6b94574bb6c341be0c1073d0e6d15594cdff13b51cc501fd627fc0
                                                              • Instruction ID: dbc3459ccef83f4504e98fdcdad7f35cf053e10f32b9d164b62bf2c243967a26
                                                              • Opcode Fuzzy Hash: 889067024b6b94574bb6c341be0c1073d0e6d15594cdff13b51cc501fd627fc0
                                                              • Instruction Fuzzy Hash: B5F18070A1052ADFDB19CF68C984AAEBBF2FF48314F198554E505DB2A2C734EC80CB65
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 012416C8 Relevance: .3, Instructions: 341COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cfb5c81b19584bde611d350271119af1d0670e33039548a532173e66606a07c5
                                                              • Instruction ID: 96151f4a314dbbeb1c7ef9b9f8ae085d283f5733f43c7ed4f4f759d850fc7fe4
                                                              • Opcode Fuzzy Hash: cfb5c81b19584bde611d350271119af1d0670e33039548a532173e66606a07c5
                                                              • Instruction Fuzzy Hash: 15C1F0357142118FDB2A9B68C894ABE7BE6AFC8304F044469E506CF394DF74EC92CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0124AAA8 Relevance: .3, Instructions: 333COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f8e203f36859fbeb5bf1645375cfe4b250b8ec336df05f88fa30e6536d51faaf
                                                              • Instruction ID: 19a6ca50e911e6da61532cded49432dc58695228240ffbb63984977a98c2e16d
                                                              • Opcode Fuzzy Hash: f8e203f36859fbeb5bf1645375cfe4b250b8ec336df05f88fa30e6536d51faaf
                                                              • Instruction Fuzzy Hash: CDD18038E502198FCF05EFB9E8946EEBBB5FB59300F104965D405EB759EB309845CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0124A770 Relevance: .2, Instructions: 244COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 96a826ffd1b2c9c7387876c1b7688e3bbfe249e2a4dac86ac16d39bb4afbea63
                                                              • Instruction ID: 15cb7c5d80eea32909a182776a39c6e802f90fe9188e5914eaa639ff5a6b1dcb
                                                              • Opcode Fuzzy Hash: 96a826ffd1b2c9c7387876c1b7688e3bbfe249e2a4dac86ac16d39bb4afbea63
                                                              • Instruction Fuzzy Hash: F9918E35A80214CFCB08DFB8D558AADBBF2AF98314F148969E506DB361DB35DC46CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01245280 Relevance: .2, Instructions: 230COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a91aeed6f1d5ce78d49298685ec15e16884d00b37e317a3564d921465c9264a6
                                                              • Instruction ID: d67644d54f33d9742120871124c94b017762d6c43ff3d7d3b448419079030e5c
                                                              • Opcode Fuzzy Hash: a91aeed6f1d5ce78d49298685ec15e16884d00b37e317a3564d921465c9264a6
                                                              • Instruction Fuzzy Hash: AC919031A1025A8FCB19CF68C884AAEBFB5FF55310F1684A9F9559B362C770EC44CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01241AD0 Relevance: .2, Instructions: 230COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5fb5b7190ca62933b91e35655cda8c9aa674fe66b3f89c4cb8687ead315324d0
                                                              • Instruction ID: 62f1d1fc6e576e147e9df714b7ff33863b6b6c2477354c17e9fd2964e90011c7
                                                              • Opcode Fuzzy Hash: 5fb5b7190ca62933b91e35655cda8c9aa674fe66b3f89c4cb8687ead315324d0
                                                              • Instruction Fuzzy Hash: 9181B070B20506CFDB18DF6CC884AAABBB6FF89244B158169D506DB361D730FC91CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01243AD8 Relevance: .2, Instructions: 207COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 828a11888ede94cfe3926d360e03461146b928a4ac5308732465e86f173cf1de
                                                              • Instruction ID: 5a53ce4133eca82f54ecefccc245c85bef9d53bf084d9939cb97639acb3f9986
                                                              • Opcode Fuzzy Hash: 828a11888ede94cfe3926d360e03461146b928a4ac5308732465e86f173cf1de
                                                              • Instruction Fuzzy Hash: 89619F317245268FDB18DF3EC885B6ABBE9FF446507154469EA06CB3A1EB71EC00CB60
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01245500 Relevance: .1, Instructions: 111COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bf8cc3c2d2c5c1097526d9ca87b81256fa4afd1c5701caa7646cbb6528acb135
                                                              • Instruction ID: 8ce47bd17a3694a54fac4956913976cff63e8e20dd8d1961844b801e6329f66a
                                                              • Opcode Fuzzy Hash: bf8cc3c2d2c5c1097526d9ca87b81256fa4afd1c5701caa7646cbb6528acb135
                                                              • Instruction Fuzzy Hash: 3141BF313102568FCB1A9F69E815A7A3BE7AF85211F048069F64ACB3A1DB34DC11CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 012438D8 Relevance: .1, Instructions: 110COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5b95d70e3e9b887019a528bcd455f991052f32b55944653708e56e2c1b330dc3
                                                              • Instruction ID: 6776703ff1cb9058a6409a383e57428725b9a08afabb4da6275a74d0744e8ffe
                                                              • Opcode Fuzzy Hash: 5b95d70e3e9b887019a528bcd455f991052f32b55944653708e56e2c1b330dc3
                                                              • Instruction Fuzzy Hash: CA415B797601669FDB18DF29C888AAE7BB6FF88310F104069EA16CB3A1C771DC40CB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01243D08 Relevance: .1, Instructions: 87COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 63f0ab9b6146bf90bba43f6879a250cb913ae3d19b837cb48114a1db663f9aa2
                                                              • Instruction ID: c6f4aee4f5ad463d3147af72f8ba6e1c40b687b697003233315219edeef46bac
                                                              • Opcode Fuzzy Hash: 63f0ab9b6146bf90bba43f6879a250cb913ae3d19b837cb48114a1db663f9aa2
                                                              • Instruction Fuzzy Hash: 4A210A303242368BCB2E9739849557E7BABAFD56147148079EA02CB796DF24CC02AB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01243D18 Relevance: .1, Instructions: 87COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b87c1a1b59531cb815bf8d50c5bebe14b40d6d0c27b56111f78ba65bbf5c464b
                                                              • Instruction ID: 79e57033a72c242982b292f99c302af5955c9e95b7419bd6e4fa01a2cca5144c
                                                              • Opcode Fuzzy Hash: b87c1a1b59531cb815bf8d50c5bebe14b40d6d0c27b56111f78ba65bbf5c464b
                                                              • Instruction Fuzzy Hash: C121DA3032013687DB2D9629C45567E7AABBFD4714F148039DA02CF7D5DE79CC429781
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 012414F0 Relevance: .1, Instructions: 85COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1c6f9eb9ddbfd4f3023fd26ad80431ded41d303ac37f87166967efe65857ded6
                                                              • Instruction ID: 8be16c6cb008f143f9450a1b948b3c72f821c174c1c7af890010a4a09de34105
                                                              • Opcode Fuzzy Hash: 1c6f9eb9ddbfd4f3023fd26ad80431ded41d303ac37f87166967efe65857ded6
                                                              • Instruction Fuzzy Hash: 20313C3221011A9FCF5AAF59E855AEE7FA6AB88311F044015FA068B251CB31DD71DBD0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0124A711 Relevance: .1, Instructions: 84COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0610490dc7ed9f137a24d349460a70f074004274bb60a1511b67b04563c8e897
                                                              • Instruction ID: 0dcef85e0504dfbf75b19de157a02a23260d198273b1c839bea3c076dc1e1554
                                                              • Opcode Fuzzy Hash: 0610490dc7ed9f137a24d349460a70f074004274bb60a1511b67b04563c8e897
                                                              • Instruction Fuzzy Hash: BF31E530A462459FCB09CFB8C984ADEBFF2AF85314F1584AAD54ADB346D334D806CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01244B57 Relevance: .1, Instructions: 83COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d30ce5318991b0540996c7894c379799e3b55ea1ffc380e9a577d770e7bcdfc1
                                                              • Instruction ID: 85aba6c0044bb9ae95a51b0329c1eee73a8eca3855c6acda1f3b291e64527169
                                                              • Opcode Fuzzy Hash: d30ce5318991b0540996c7894c379799e3b55ea1ffc380e9a577d770e7bcdfc1
                                                              • Instruction Fuzzy Hash: 2C319171E00515CFCB08DF68C884AAEBBF6FF88310B198155E5269B3A4DB34DC12CB98
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02C3D274 Relevance: .1, Instructions: 76COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608898761.0000000002C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C3D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2c3d000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a038d29d633999aa9af43516b616cca901ec02fd078885321419a90dee9a7b68
                                                              • Instruction ID: e787946d0a656669394cc8a51321855ac4dcd9d43da4a5ccb3e8472b8a68fb6c
                                                              • Opcode Fuzzy Hash: a038d29d633999aa9af43516b616cca901ec02fd078885321419a90dee9a7b68
                                                              • Instruction Fuzzy Hash: 592128B1504200EFDF46CF54D9C0B6ABB75FB88314F24C969E80A4B246C33AD856CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02C3D450 Relevance: .1, Instructions: 75COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608898761.0000000002C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C3D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2c3d000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b693f6308c2442406555ec0bf31cc46c6edaef49cd6cefc626bae2ff575dcd91
                                                              • Instruction ID: 147e53e24dc706050dc50655cf2a654070917fce17c01e69a91f1fc5a8db85a2
                                                              • Opcode Fuzzy Hash: b693f6308c2442406555ec0bf31cc46c6edaef49cd6cefc626bae2ff575dcd91
                                                              • Instruction Fuzzy Hash: 302103B2504240EFDF06DF14D9C0B67BB69FB88328F24C969E8070B246C336E955CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02C4D01C Relevance: .1, Instructions: 72COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608915760.0000000002C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C4D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2c4d000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8fc56e2c23568acd352b530d0b5966f208afe03c6af994e6220cb21b2f4d1eb4
                                                              • Instruction ID: 1e884bfc87c04cac7a01329dbad48ebf1b497bf06cc254b2e996d98007bfb510
                                                              • Opcode Fuzzy Hash: 8fc56e2c23568acd352b530d0b5966f208afe03c6af994e6220cb21b2f4d1eb4
                                                              • Instruction Fuzzy Hash: E921C575504240DFDB14EF54D9C4B17BB65FB84314F24C96DD80A4B346CB3BE846CAA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 012419E0 Relevance: .1, Instructions: 65COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9504a20b665347acb79fda38c493bdc44061b5e1a0d131ad20aeba2574608b02
                                                              • Instruction ID: e241882db6d40d5fe354415fc06080bc0a437c54f835fc92bddf847b610b7096
                                                              • Opcode Fuzzy Hash: 9504a20b665347acb79fda38c493bdc44061b5e1a0d131ad20aeba2574608b02
                                                              • Instruction Fuzzy Hash: 041104313116228FC32A9B29C49096ABBE6FFC575071905A9E646CF3A1DF30EC42C7D0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01241DB0 Relevance: .1, Instructions: 63COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e0c1b1ed61ce5145fef803798ddd1b6e00f41ac5bf8d466c33071bc5e8e730a0
                                                              • Instruction ID: c474919f3067a8255df9af08d566ae3bf5778b56fa4d4497973a832fa56d090f
                                                              • Opcode Fuzzy Hash: e0c1b1ed61ce5145fef803798ddd1b6e00f41ac5bf8d466c33071bc5e8e730a0
                                                              • Instruction Fuzzy Hash: ED1188767052204FC7265BB88D40AFB3BEA8F860543000476E605CF395FE30CC4AC7A1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02C4D005 Relevance: .1, Instructions: 62COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608915760.0000000002C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C4D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2c4d000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a290e74955b97ce999c41cdd77f144fcc1935d0466df3e49a55f24f003907a6d
                                                              • Instruction ID: 94a81c0e63feedc043997f4736e76a41842532c0434ce2eee9dcf2f709b67f8b
                                                              • Opcode Fuzzy Hash: a290e74955b97ce999c41cdd77f144fcc1935d0466df3e49a55f24f003907a6d
                                                              • Instruction Fuzzy Hash: 9D2195755093C08FCB02CF20D594715BF71EB46214F28C5DAD8458F697C33AD44ACB62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01242612 Relevance: .1, Instructions: 60COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6906e855147b9b2ffbee15dbab53962029f18e3fe1029a95df430651ec2dc081
                                                              • Instruction ID: a9867b492a3329dcbd3ed4af335f4fc826ea8f5863af144ef234f681f61c4171
                                                              • Opcode Fuzzy Hash: 6906e855147b9b2ffbee15dbab53962029f18e3fe1029a95df430651ec2dc081
                                                              • Instruction Fuzzy Hash: 26217C31910209DFCB28CF59D944FAABBF6EF48314F00852EE61A9B211D775E954CF51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01241628 Relevance: .1, Instructions: 59COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6d240e956b1235ed4abea240b220319dee0a821d3cb5d630091251fec4151700
                                                              • Instruction ID: 2f13f2fe93249c252b20f2109e0ff7884d34380d2436111fb5e09463c400ed70
                                                              • Opcode Fuzzy Hash: 6d240e956b1235ed4abea240b220319dee0a821d3cb5d630091251fec4151700
                                                              • Instruction Fuzzy Hash: F411C273B00155AFCB168E59E800BEE7FEAEF88751B198056F615CB281CA31C961DB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 012449B0 Relevance: .1, Instructions: 58COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f22b315aa7ee1279a48f5f18f5de006817416192fd868bfc8676d88daa91a4c0
                                                              • Instruction ID: a626582d9604d6d1f6ce4c901d36fd6c3e2c61f38f0ccce1886b222db7b81b95
                                                              • Opcode Fuzzy Hash: f22b315aa7ee1279a48f5f18f5de006817416192fd868bfc8676d88daa91a4c0
                                                              • Instruction Fuzzy Hash: EA112E76B102189BDB14DF69D855B9EBBBAFB8C710F148029E915AB390DB71AC10CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 012414E0 Relevance: .1, Instructions: 58COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7ff25761a0747d79cd760c282fb71f4f87faee28896c122da50a94ef5befcc0c
                                                              • Instruction ID: d34aced5361efd2a77570224ce71a67581309e035bf1673d4d704b47d7511971
                                                              • Opcode Fuzzy Hash: 7ff25761a0747d79cd760c282fb71f4f87faee28896c122da50a94ef5befcc0c
                                                              • Instruction Fuzzy Hash: 931182316102168FCB16DF28E485BA97BF2AF48311F144426FA06CB251D730DDA5CBD0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02C3D26F Relevance: .1, Instructions: 57COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608898761.0000000002C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C3D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2c3d000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c3b2828e5c9959ab5c020fd8fedb84a2ac80b3e55064a8e274afeebf9278366b
                                                              • Instruction ID: fc6f02bc2034ce60ad6383551144bb6ba59fde9d56cc2725386dd034f28fe578
                                                              • Opcode Fuzzy Hash: c3b2828e5c9959ab5c020fd8fedb84a2ac80b3e55064a8e274afeebf9278366b
                                                              • Instruction Fuzzy Hash: FD21A276404240DFCB06CF10D9C4B56BF71FB84314F28C6A9D8494B656C33AD55ACFA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01241DC0 Relevance: .1, Instructions: 56COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6bf0deaa241c4fa7cb97a67e49ba196fe0d9c684a83335b7f45c4fa1ea00567f
                                                              • Instruction ID: 722f06d6c025061a4863649fd6183c81330ff21ffa52e8f1193580ae7c0dec39
                                                              • Opcode Fuzzy Hash: 6bf0deaa241c4fa7cb97a67e49ba196fe0d9c684a83335b7f45c4fa1ea00567f
                                                              • Instruction Fuzzy Hash: 500124367002254F9B28AABA8C51AFB36EF9FD91987000539D706CB394EF31DC4687A0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0124544A Relevance: .1, Instructions: 56COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eb186df6e5cb1bd64f11906d3afac1e574ca5e4da2c283c147ca7c1a74bb58f8
                                                              • Instruction ID: 178925717fb280493d7613fec97589229770299078a5a2e06f7252808b3e5923
                                                              • Opcode Fuzzy Hash: eb186df6e5cb1bd64f11906d3afac1e574ca5e4da2c283c147ca7c1a74bb58f8
                                                              • Instruction Fuzzy Hash: 20119D71E0025A9FCB01DFA8C844ABFBFF9EF88301F00446AE951EB241D7348A05CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02C3D44B Relevance: .1, Instructions: 56COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608898761.0000000002C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C3D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2c3d000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 46d45489102b83fdb49bf935a78d929ed8123d2b05b42aba97e6f0d1c7f73981
                                                              • Instruction ID: ebea45819254be059fd43cd1165e7fd0221da69aab282bc0f3ad8cd284b753bc
                                                              • Opcode Fuzzy Hash: 46d45489102b83fdb49bf935a78d929ed8123d2b05b42aba97e6f0d1c7f73981
                                                              • Instruction Fuzzy Hash: D411D3B6404280DFCF16CF10D9C4B56BF71FB84324F24C6A9D8060B656C336D55ACBA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01241638 Relevance: .0, Instructions: 46COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a2eec18e9b4463fa015024d6c2b1ac8c0fb7fa5c7031a4dc0e6708283f487dad
                                                              • Instruction ID: fa3e38a4e9cc0324766a08ecfd347725b2a8f451737605630bcbd5cb3baae9ee
                                                              • Opcode Fuzzy Hash: a2eec18e9b4463fa015024d6c2b1ac8c0fb7fa5c7031a4dc0e6708283f487dad
                                                              • Instruction Fuzzy Hash: 9A01D132B000196FCB169E599811BAF3BEBDBC8790F188029F605CB280CE71DC219BD0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01241AC2 Relevance: .0, Instructions: 41COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: da2c57ee4c113fb71a3499343a3c87c178110d289e71a8b37614cb093c4cd8ce
                                                              • Instruction ID: f9a4f65cbdbdb250aab4e3af91291bead80bc6f109a86739cfcb6d07b0f27d9c
                                                              • Opcode Fuzzy Hash: da2c57ee4c113fb71a3499343a3c87c178110d289e71a8b37614cb093c4cd8ce
                                                              • Instruction Fuzzy Hash: 63F05937B792718FC73A56ACE8403A6BBF4DB802B1B040A63D695D7241D630B8E1C3D0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01241D6F Relevance: .0, Instructions: 33COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6eefb9fd0006a3c33513288736ec866b4920d4a817dd9a4b225e162ff159b6bc
                                                              • Instruction ID: 1eac59cd598296c6a968133314c9cddf8d14e7e750bf92d65be6f076f2aa4fb3
                                                              • Opcode Fuzzy Hash: 6eefb9fd0006a3c33513288736ec866b4920d4a817dd9a4b225e162ff159b6bc
                                                              • Instruction Fuzzy Hash: 27F0273011C2908FC701DAB0FC828917766DB421243088A83F498CB2A5C7658A13C780
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0124A6A1 Relevance: .0, Instructions: 26COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f8646eced0119cc41926fd7713844c99f5e7c1f50265f8c2fbf758b34eab137f
                                                              • Instruction ID: 68092403b31709d384601ad2b7ef9ef3c49844c4d319ed7c566219ab9fc8cf00
                                                              • Opcode Fuzzy Hash: f8646eced0119cc41926fd7713844c99f5e7c1f50265f8c2fbf758b34eab137f
                                                              • Instruction Fuzzy Hash: 6CE06D76E541149F8B44EBBCA8055EE7AF4AA8D260B014176E90AD3200EA704A158BD1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0124A6A8 Relevance: .0, Instructions: 25COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 85d06e5878c7fd866aa62f0f582bd3780c753790297cd6583568a080273641ab
                                                              • Instruction ID: 862ac141ef15f289e58964629905b9877602a5a6665919491b42dab4dd3997f2
                                                              • Opcode Fuzzy Hash: 85d06e5878c7fd866aa62f0f582bd3780c753790297cd6583568a080273641ab
                                                              • Instruction Fuzzy Hash: 58E09275E101149F4B44DBAC98055AFBBF8EA8C220B014036E50AD3200EB704A018BD1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 01241D80 Relevance: .0, Instructions: 12COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.608727626.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_1240000_BANK DETAILS-26012022-971332pdf.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 83b06c2f440b3c20e6da1ce85f4661ac24bdb994a0b5b8f277f87acbc5f926f6
                                                              • Instruction ID: ba647b2fb34bcb5026fd1f8603d0bc367ef7e0e41492750c84160e0c1c8cea2e
                                                              • Opcode Fuzzy Hash: 83b06c2f440b3c20e6da1ce85f4661ac24bdb994a0b5b8f277f87acbc5f926f6
                                                              • Instruction Fuzzy Hash: 57C0127005C20D8A8A40BFA1F842569735F57806087408E61F4140E668EFB5650AC785
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%