Windows Analysis Report
SWIFT copy.29112022.Pdf.exe

Overview

General Information

Sample Name: SWIFT copy.29112022.Pdf.exe
Analysis ID: 756157
MD5: 5f400bae896422a69db460a4507fd657
SHA1: e90b7c431d34b39bef8492de7fb987f51c3fb804
SHA256: d5de496be1535d0b8d9c8f57087e9ae2a26aaf7c33c2ddca65b3231dc3b2460b
Tags: agentteslaexe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AgentTesla
Yara detected AntiVM3
Tries to steal Mail credentials (via file / registry access)
Initial sample is a PE file and has a suspicious name
.NET source code references suspicious native API functions
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Injects a PE file into a foreign processes
Yara detected Generic Downloader
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Yara detected Credential Stealer
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • SWIFT copy.29112022.Pdf.exe (PID: 5752 cmdline: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exe MD5: 5F400BAE896422A69DB460A4507FD657)
    • SWIFT copy.29112022.Pdf.exe (PID: 6072 cmdline: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exe MD5: 5F400BAE896422A69DB460A4507FD657)
  • cleanup
{"Exfil Mode": "SMTP", "Username": "humhum@nutiribio.com", "Password": "zGNVO(l5", "Host": "smtp.nutiribio.com"}
Source | Rule | Description | Author | Strings
00000001.00000000.269625557.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000001.00000000.269625557.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security
00000001.00000000.269625557.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_AgentTesla_d3ac2b2f | unknown | unknown
  • 0x306fa:$a3: MailAccountConfiguration
  • 0x30713:$a5: SmtpAccountConfiguration
  • 0x306da:$a8: set_BindingAccountConfiguration
  • 0x2f670:$a11: get_securityProfile
  • 0x2f511:$a12: get_useSeparateFolderTree
  • 0x30e6c:$a13: get_DnsResolver
  • 0x2f920:$a14: get_archivingScope
  • 0x2f748:$a15: get_providerName
  • 0x31e33:$a17: get_priority
  • 0x3140a:$a18: get_advancedParameters
  • 0x30814:$a19: get_disabledByRestriction
  • 0x2f2ea:$a20: get_LastAccessed
  • 0x2f9ba:$a21: get_avatarType
  • 0x31521:$a22: get_signaturePresets
  • 0x2ffb9:$a23: get_enableLog
  • 0x2f7c5:$a26: set_accountName
  • 0x3196c:$a27: set_InternalServerPort
  • 0x2ec84:$a28: set_bindingConfigurationUID
  • 0x314e7:$a29: set_IdnAddress
  • 0x31ce7:$a30: set_GuidMasterKey
  • 0x2f820:$a31: set_username
00000000.00000002.276283014.0000000004061000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000000.00000002.276283014.0000000004061000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security
Source | Rule | Description | Author | Strings
0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security
0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.unpack | MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen
  • 0x2e5b5:$s1: get_kbok
  • 0x2eef8:$s2: get_CHoo
  • 0x2fb52:$s3: set_passwordIsSet
  • 0x2e3b9:$s4: get_enableLog
  • 0x32a28:$s8: torbrowser
  • 0x31404:$s10: logins
  • 0x30d7c:$s11: credential
  • 0x2d7d5:$g1: get_Clipboard
  • 0x2d7e3:$g2: get_Keyboard
  • 0x2d7f0:$g3: get_Password
  • 0x2ed97:$g4: get_CtrlKeyDown
  • 0x2eda7:$g5: get_ShiftKeyDown
  • 0x2edb8:$g6: get_AltKeyDown
0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.unpack | Windows_Trojan_AgentTesla_d3ac2b2f | unknown | unknown
  • 0x2eafa:$a3: MailAccountConfiguration
  • 0x2eb13:$a5: SmtpAccountConfiguration
  • 0x2eada:$a8: set_BindingAccountConfiguration
  • 0x2da70:$a11: get_securityProfile
  • 0x2d911:$a12: get_useSeparateFolderTree
  • 0x2f26c:$a13: get_DnsResolver
  • 0x2dd20:$a14: get_archivingScope
  • 0x2db48:$a15: get_providerName
  • 0x30233:$a17: get_priority
  • 0x2f80a:$a18: get_advancedParameters
  • 0x2ec14:$a19: get_disabledByRestriction
  • 0x2d6ea:$a20: get_LastAccessed
  • 0x2ddba:$a21: get_avatarType
  • 0x2f921:$a22: get_signaturePresets
  • 0x2e3b9:$a23: get_enableLog
  • 0x2dbc5:$a26: set_accountName
  • 0x2fd6c:$a27: set_InternalServerPort
  • 0x2d084:$a28: set_bindingConfigurationUID
  • 0x2f8e7:$a29: set_IdnAddress
  • 0x300e7:$a30: set_GuidMasterKey
  • 0x2dc20:$a31: set_username
0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: SWIFT copy.29112022.Pdf.exe | ReversingLabs: Detection: 73%
Source: SWIFT copy.29112022.Pdf.exe | Virustotal: Detection: 30%
Source: SWIFT copy.29112022.Pdf.exe | Joe Sandbox ML: detected
Source: 1.0.SWIFT copy.29112022.Pdf.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8
Source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "humhum@nutiribio.com", "Password": "zGNVO(l5", "Host": "smtp.nutiribio.com"}
Source: SWIFT copy.29112022.Pdf.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: SWIFT copy.29112022.Pdf.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: Veqz.pdb | source: SWIFT copy.29112022.Pdf.exe

Networking

Source: Yara match | File source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.0.SWIFT copy.29112022.Pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SWIFT copy.29112022.Pdf.exe.4759ea8.13.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.SWIFT copy.29112022.Pdf.exe.46ed468.11.raw.unpack, type: UNPACKEDPE
Source: SWIFT copy.29112022.Pdf.exe, 00000001.00000002.520553295.0000000003151000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: SWIFT copy.29112022.Pdf.exe, 00000001.00000002.520553295.0000000003151000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DynDns.comDynDNS
Source: SWIFT copy.29112022.Pdf.exe, 00000001.00000002.520553295.0000000003151000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://MBStZn.com
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261645746.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261742667.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/M95
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261855251.00000000060E2000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.262337254.00000000060E2000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261656122.00000000060E2000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.262264309.00000000060E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261586821.0000000006104000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261709013.0000000006104000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261757335.0000000006104000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmQ
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254538096.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255439619.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255536119.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255031466.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255607455.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255481061.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255829393.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255099459.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255925563.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.256145848.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254634935.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254794551.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255290205.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254595717.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255391228.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254429222.00000000060DA000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255232174.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254860385.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254538096.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255439619.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255536119.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255031466.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255607455.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255481061.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255099459.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/?9g
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254794551.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255290205.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255391228.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255232174.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254860385.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255439619.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255031466.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255099459.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/M95
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254634935.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254794551.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254595717.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254429222.00000000060DA000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254860385.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254538096.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Verd
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254634935.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254595717.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254538096.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/W8
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254634935.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254794551.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254595717.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254860385.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254538096.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Xx
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254634935.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254595717.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254634935.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254794551.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254860385.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0nf9
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254634935.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/i9
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255099459.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254794551.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254860385.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255031466.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255099459.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/W8
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254794551.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254860385.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/i9
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254634935.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254794551.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254595717.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254429222.00000000060DA000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254860385.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254538096.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255031466.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255099459.00000000060DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/t9
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261855251.00000000060E2000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261539461.00000000060DD000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.262337254.00000000060E2000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.261656122.00000000060E2000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.262264309.00000000060E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.UC
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250782932.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250927671.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250846587.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250578869.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250629587.00000000060EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250578869.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250629587.00000000060EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comalv
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250782932.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250578869.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250629587.00000000060EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comegr
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250782932.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250927671.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.251160398.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250846587.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250963346.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250995609.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.251206432.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.251041022.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250629587.00000000060EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comof
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250629587.00000000060EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comria
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250782932.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250927671.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250846587.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250963346.00000000060EB000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.250995609.00000000060EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comu
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255401180.00000000060E6000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255308698.00000000060E6000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255250069.00000000060E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.comf
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255282999.0000000006114000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.255224533.0000000006113000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.comrm
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.254124405.00000000060E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comicf
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.290363546.00000000072E2000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000000.00000003.253689927.0000000006103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000003.253689927.0000000006103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn=
                Source: SWIFT copy.29112022.Pdf.exe, 00000001.00000002.521371650.00000000031F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org%
                Source: SWIFT copy.29112022.Pdf.exe, 00000001.00000002.520553295.0000000003151000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.287383086.00000000046ED000.00000004.00000800.00020000.00000000.sdmp, SWIFT copy.29112022.Pdf.exe, 00000001.00000000.269625557.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                Source: SWIFT copy.29112022.Pdf.exe, 00000001.00000002.520553295.0000000003151000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

                System Summary

                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.raw.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: 1.0.SWIFT copy.29112022.Pdf.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                Source: 1.0.SWIFT copy.29112022.Pdf.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4759ea8.13.raw.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4759ea8.13.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4759ea8.13.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4759ea8.13.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.46ed468.11.raw.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.46ed468.11.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: 00000001.00000000.269625557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: 00000000.00000002.276283014.0000000004061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: 00000000.00000002.287383086.00000000046ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: 00000001.00000002.520553295.0000000003151000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                Source: Process Memory Space: SWIFT copy.29112022.Pdf.exe PID: 5752, type: MEMORYSTR Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: Process Memory Space: SWIFT copy.29112022.Pdf.exe PID: 6072, type: MEMORYSTR Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
                Source: Process Memory Space: SWIFT copy.29112022.Pdf.exe PID: 6072, type: MEMORYSTR Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
                Source: initial sample Static PE information: Filename: SWIFT copy.29112022.Pdf.exe
                Source: 1.0.SWIFT copy.29112022.Pdf.exe.400000.0.unpack, <PrivateImplementationDetails>{A23A83EA-A498-4AEF-BB16-CCD2EDE07471}/A33BCC3D-23D1-407D-9507-8DF915F9F7E3.cs Large array initialization: .cctor: array initializer size 11775
                Source: SWIFT copy.29112022.Pdf.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4724888.12.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: 1.0.SWIFT copy.29112022.Pdf.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                Source: 1.0.SWIFT copy.29112022.Pdf.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4759ea8.13.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4759ea8.13.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4759ea8.13.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.4759ea8.13.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.46ed468.11.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                Source: 0.2.SWIFT copy.29112022.Pdf.exe.46ed468.11.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: 00000001.00000000.269625557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: 00000000.00000002.276283014.0000000004061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: 00000000.00000002.287383086.00000000046ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: 00000001.00000002.520553295.0000000003151000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                Source: Process Memory Space: SWIFT copy.29112022.Pdf.exe PID: 5752, type: MEMORYSTR Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: Process Memory Space: SWIFT copy.29112022.Pdf.exe PID: 6072, type: MEMORYSTR Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
                Source: Process Memory Space: SWIFT copy.29112022.Pdf.exe PID: 6072, type: MEMORYSTR Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_02E607980_2_02E60798
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_02E651B80_2_02E651B8
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_02E607890_2_02E60789
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_02E604E80_2_02E604E8
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_02E604F80_2_02E604F8
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_02E6856A0_2_02E6856A
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_0552F0D00_2_0552F0D0
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_0552F0BF0_2_0552F0BF
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_05524E940_2_05524E94
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_055268700_2_05526870
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_055268600_2_05526860
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_07992BE00_2_07992BE0
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_079E96880_2_079E9688
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_079E00060_2_079E0006
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 0_2_079E00400_2_079E0040
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 1_2_030146A01_2_030146A0
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 1_2_030146731_2_03014673
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 1_2_030146901_2_03014690
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 1_2_030145B01_2_030145B0
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 1_2_0301D9801_2_0301D980
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 1_2_064269281_2_06426928
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 1_2_064294F81_2_064294F8
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 1_2_064275401_2_06427540
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeCode function: 1_2_06426C701_2_06426C70
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.272914164.0000000003061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOhdryIYKwtfOhFKUvICmEItYgptrtNr.exe4 vs SWIFT copy.29112022.Pdf.exe
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.287383086.00000000046ED000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOhdryIYKwtfOhFKUvICmEItYgptrtNr.exe4 vs SWIFT copy.29112022.Pdf.exe
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.273116142.00000000030A0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrecision.dll6 vs SWIFT copy.29112022.Pdf.exe
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.273116142.00000000030A0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInspector.dllN vs SWIFT copy.29112022.Pdf.exe
                Source: SWIFT copy.29112022.Pdf.exe, 00000000.00000002.284983154.00000000043E7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCollins.dll8 vs SWIFT copy.29112022.Pdf.exe
                Source: SWIFT copy.29112022.Pdf.exe, 00000001.00000002.514468515.0000000001158000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs SWIFT copy.29112022.Pdf.exe
                Source: SWIFT copy.29112022.Pdf.exe, 00000001.00000000.269854347.0000000000438000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOhdryIYKwtfOhFKUvICmEItYgptrtNr.exe4 vs SWIFT copy.29112022.Pdf.exe
                Source: SWIFT copy.29112022.Pdf.exeBinary or memory string: OriginalFilenameVeqz.exe< vs SWIFT copy.29112022.Pdf.exe
                Source: SWIFT copy.29112022.Pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: SWIFT copy.29112022.Pdf.exeReversingLabs: Detection: 73%
                Source: SWIFT copy.29112022.Pdf.exeVirustotal: Detection: 30%
                Source: SWIFT copy.29112022.Pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exe C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exe
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeProcess created: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exe C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exe
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeProcess created: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exe C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeJump to behavior
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Users\user\Desktop\SWIFT copy.29112022.Pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SWIFT copy.29112022.Pdf.exe.logJump to behavior
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@0/0
                Source: SWIFT copy.29112022.Pdf.exe, 00000001.00000002.521706336.000000000323E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE