Windows Analysis Report DHL AWB - 5032675620 _SEPTEMBER 2021.exe

Overview

General Information

Sample Name: DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Analysis ID: 483724
MD5: d96d6c6caef758178386d9e0fc47b21a
SHA1: 8d90376c829099fc4e551d36e691b53b9a48a0cd
SHA256: bd2b1d4a42425cd431ced38103c95651b9112a20ecb967640e1d79a83b051096
Tags: agenttesla, exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains very large strings
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Yara detected Credential Stealer
Creates processes with suspicious names
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

AV Detection:

Found malware configuration
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.400000.0.unpack Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "sam@htprress.com", "Password": "#m!Bebe2", "Host": "smtp.htprress.com"}
Multi AV Scanner detection for submitted file
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe ReversingLabs: Detection: 22%
Antivirus or Machine Learning detection for unpacked file
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8
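The extracted configuration above gives the exfiltration channel: SMTP to smtp.htprress.com, authenticating as sam@htprress.com. The following Python is an added example, not part of this report and not the sample's or the extractor's code, showing how to turn that extractor line into hunt criteria and apply them to captured SMTP sessions: it recovers the authenticating identity from AUTH LOGIN and AUTH PLAIN exchanges and matches host and user against the config. The session records are constructed, the port is an assumption (the config carries none), and the check only works where the SMTP commands are visible in the clear (no STARTTLS, or a TLS-inspecting proxy); for TLS sessions match on destination host or SNI alone. Do not authenticate to the mailbox with the recovered credentials; it is attacker infrastructure.

```python
import base64
import json
import re

# Added example (not the report's, the extractor's or the sample's code):
# derive hunt criteria from the AgentTesla config line and match them
# against client-side SMTP command streams.

# Copied verbatim from the report's "Found malware configuration" entry.
CONFIG_LINE = ('Agenttesla {"Exfil Mode": "SMTP", "Username": "sam@htprress.com", '
               '"Password": "#m!Bebe2", "Host": "smtp.htprress.com"}')


def parse_config(line: str) -> dict:
    """Split '<family> <json>' and normalise the fields we hunt on.
    The password is deliberately dropped: it is an attacker mailbox."""
    family, _, blob = line.partition(' ')
    cfg = json.loads(blob)
    return {'family': family, 'mode': cfg['Exfil Mode'],
            'host': cfg['Host'].lower(), 'user': cfg['Username'].lower()}


def _b64_text(token: str) -> str:
    try:
        return base64.b64decode(token, validate=True).decode('utf-8', 'replace')
    except ValueError:            # binascii.Error is a ValueError
        return ''


def smtp_auth_identity(client_lines):
    """Return (mechanism, username) from a client-side SMTP command stream.
    AUTH PLAIN carries base64('\\0user\\0pass'), inline or on the next line;
    AUTH LOGIN sends base64(user) inline or on the next line, then base64(pass)."""
    lines = [ln.strip() for ln in client_lines]
    for i, ln in enumerate(lines):
        m = re.match(r'AUTH\s+(PLAIN|LOGIN)(?:\s+(\S+))?$', ln, re.I)
        if not m:
            continue
        mech = m.group(1).upper()
        nxt = lines[i + 1] if i + 1 < len(lines) else ''
        token = m.group(2) or nxt
        if mech == 'PLAIN':
            parts = _b64_text(token).split('\0')
            return mech, (parts[1] if len(parts) == 3 else '')
        return mech, _b64_text(token)
    return None, ''


def match_session(cfg: dict, session: dict) -> dict:
    """session = {'dst_host': str, 'dst_port': int, 'client': [commands]}."""
    mech, user = smtp_auth_identity(session['client'])
    host_hit = session['dst_host'].lower() == cfg['host']
    user_hit = bool(user) and user.lower() == cfg['user']
    if host_hit and user_hit:
        verdict = 'exfil-to-configured-mailbox'
    elif host_hit or user_hit:
        verdict = 'review'
    else:
        verdict = 'clean'
    return {'auth': mech, 'user': user, 'host_match': host_hit,
            'user_match': user_hit, 'verdict': verdict}


# Constructed sessions (not captured traffic): one matching the config,
# one ordinary corporate mail session. Passwords are placeholders.
SESSIONS = [
    {'dst_host': 'smtp.htprress.com', 'dst_port': 587,   # port: assumption
     'client': ['EHLO DESKTOP-1', 'AUTH LOGIN',
                base64.b64encode(b'sam@htprress.com').decode(),
                base64.b64encode(b'placeholder').decode(),
                'MAIL FROM:<sam@htprress.com>', 'RCPT TO:<sam@htprress.com>', 'DATA']},
    {'dst_host': 'smtp.corp.example', 'dst_port': 587,
     'client': ['EHLO LAPTOP-7',
                'AUTH PLAIN ' + base64.b64encode(b'\0alice@corp.example\0placeholder').decode(),
                'MAIL FROM:<alice@corp.example>']},
]


def hunt(cfg: dict, sessions) -> list:
    return [match_session(cfg, s) for s in sessions]


if __name__ == '__main__':
    for result in hunt(parse_config(CONFIG_LINE), SESSIONS):
        print(result)
```

A host-only match is reported as "review" rather than a verdict because the mail host could also serve legitimate accounts; the username from the AUTH exchange is what ties a session to this specific configuration.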

Compliance:

Uses 32bit PE files
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp String found in binary or memory: http://DynDns.comDynDNS
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp String found in binary or memory: http://PoIpyH.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://fontfabrik.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384448811.0000000001577000.00000004.00000040.sdmp String found in binary or memory: http://www.fontbureau.coma
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.fonts.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.sakkal.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp, DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000003.361243845.000000000157C000.00000004.00000001.sdmp String found in binary or memory: http://www.tiro.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000003.361243845.000000000157C000.00000004.00000001.sdmp String found in binary or memory: http://www.tiro.comi
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.typography.netD
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625673123.0000000002EB2000.00000004.00000001.sdmp String found in binary or memory: https://api.ipify.org%
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp String found in binary or memory: https://api.ipify.org%GETMozilla/5.0
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.387513631.0000000003EA9000.00000004.00000001.sdmp, DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.622420916.0000000000402000.00000040.00000001.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Creates a DirectInput object (often for capturing keystrokes)
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.383789894.00000000012BB000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Note: this is weak evidence for the signature. DDRAW.DLL is DirectDraw (a drawing API), not DirectInput, and the <HOOK MODULE=... FUNCTION=.../> string has the form of an application-compatibility shim definition found in process memory rather than an API call the sample made. Keystroke capture is better supported here by the AgentTesla classification and the credential-theft signatures than by this string.

System Summary:

.NET source code contains very large strings
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, Form1.cs Long String: Length: 38272
Source: 0.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs Long String: Length: 38272
Source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs Long String: Length: 38272
Source: 5.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.0.unpack, Form1.cs Long String: Length: 38272
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.1.unpack, Form1.cs Long String: Length: 38272
Uses 32bit PE files
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Detected potential crypto function
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 0_2_0155E618 0_2_0155E618
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 0_2_0155E608 0_2_0155E608
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 0_2_0155BC74 0_2_0155BC74
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_00BD61F0 5_2_00BD61F0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_00BD0130 5_2_00BD0130
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_00BDABD8 5_2_00BDABD8
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_00BD14B3 5_2_00BD14B3
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_00BDD5E0 5_2_00BDD5E0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_00BD9A98 5_2_00BD9A98
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_00BD7440 5_2_00BD7440
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_00BD5FD0 5_2_00BD5FD0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_013246A0 5_2_013246A0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_013245B0 5_2_013245B0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_013245D0 5_2_013245D0
Sample file is different than original file name gathered from version info
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Binary or memory string: OriginalFilename vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.393446736.0000000007650000.00000004.00020000.sdmp Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.382708188.0000000000B42000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameProgre.exeh$ vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384649317.0000000002EA1000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamerybORYCDEFoesqHgsUsRhLynNqcdWc.exe4 vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384720716.0000000002EB7000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameEnvoySinks.dll6 vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.383789894.00000000012BB000.00000004.00000020.sdmp Binary or memory string: OriginalFilenameclr.dllT vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Binary or memory string: OriginalFilename vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.622519778.0000000000438000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamerybORYCDEFoesqHgsUsRhLynNqcdWc.exe4 vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.622560088.0000000000A12000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameProgre.exeh$ vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.623345320.0000000000EF8000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Binary or memory string: OriginalFilenameProgre.exeh$ vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
PE file contains strange resources
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe ReversingLabs: Detection: 22%
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe 'C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe'
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Process created: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL AWB - 5032675620 _SEPTEMBER 2021.exe.log
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/1@0/0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, Form1.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 5.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.0.unpack, Form1.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.1.unpack, Form1.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Data Obfuscation:

.NET source code contains potential unpacker
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, Form1.cs .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.0.unpack, Form1.cs .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.1.unpack, Form1.cs .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 0_2_00B4297F push 20000001h; retf 0_2_00B42992
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_00A1297F push 20000001h; retf 5_2_00A12992
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_0128D95C push eax; ret 5_2_0128D95D
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Code function: 5_2_0128E32E push eax; ret 5_2_0128E349
Source: initial sample Static PE information: section name: .text entropy: 7.55147580735
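The findings in this section describe the loader pattern: a very large string literal in Form1.cs (38272 characters, see System Summary), a symmetric decryptor (CreateDecryptor / TransformFinalBlock) and Assembly.Load(byte[]) on the result, in a .text section with entropy 7.55. The Python below is an added example, not code from the report or from the sample, of the first static triage step for such a loader: locate long UTF-16LE string literals in the image, try the common base64 layer, and either confirm an embedded PE (MZ header with an e_lfanew pointing at PE\0\0) or report the decoded blob's entropy, so that an encrypted payload, which is what the decryptor APIs suggest here, is still flagged for dynamic unpacking rather than silently skipped. The input image is constructed; the 4096-character minimum length is an assumption.

```python
import base64
import math
import re
import struct

# Added example (not the report's or the sample's code): find long UTF-16LE
# string literals in a .NET image and classify what they decode to.

MIN_CHARS = 4096            # assumption: shorter literals are rarely payloads
_UTF16_RUN = re.compile(rb'(?:[\x20-\x7e]\x00){%d,}' % MIN_CHARS)
_B64_CHARS = re.compile(r'^[A-Za-z0-9+/=\s]+$')


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted or compressed data, <= 6.0 for
    base64 text, close to 0 for a mostly-zero buffer."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_like_pe(blob: bytes) -> bool:
    """MZ header plus a PE\\0\\0 signature at e_lfanew (dword at 0x3c)."""
    if len(blob) < 0x40 or blob[:2] != b'MZ':
        return False
    e_lfanew = struct.unpack_from('<I', blob, 0x3c)[0]
    return blob[e_lfanew:e_lfanew + 4] == b'PE\x00\x00'


def find_long_strings(image: bytes):
    """Yield (offset, text) for every run of >= MIN_CHARS printable UTF-16LE chars."""
    for m in _UTF16_RUN.finditer(image):
        yield m.start(), m.group().decode('utf-16-le')


def triage_string(text: str) -> dict:
    info = {'chars': len(text), 'base64': False, 'pe': False, 'entropy': None}
    if not _B64_CHARS.match(text):
        return info                       # not base64; may still be data
    try:
        blob = base64.b64decode(text)
    except ValueError:                    # bad padding: not really base64
        return info
    info.update(base64=True, entropy=round(shannon_entropy(blob), 2),
                pe=looks_like_pe(blob))
    return info


def scan_image(image: bytes) -> list:
    """Triage every long literal; an entry with pe=True is a ready payload,
    base64=True with entropy near 8 is an encrypted one (needs the key)."""
    return [dict(triage_string(text), offset=offset)
            for offset, text in find_long_strings(image)]


def build_sample_image() -> bytes:
    """Constructed input, not the real sample: a minimal fake PE and a
    uniform-byte blob standing in for ciphertext, each base64-encoded and
    stored as a UTF-16LE literal between non-string bytes."""
    fake_pe = bytearray(0x80)
    fake_pe[:2] = b'MZ'
    struct.pack_into('<I', fake_pe, 0x3c, 0x80)          # e_lfanew -> 0x80
    fake_pe += b'PE\x00\x00' + bytes(4096)
    encrypted = bytes((i * 7919) & 0xff for i in range(4096))  # every byte value 16 times

    def literal(raw: bytes) -> bytes:
        return base64.b64encode(raw).decode().encode('utf-16-le')

    return (bytes(32) + literal(bytes(fake_pe)) + bytes(2)
            + b'\x90' * 32 + literal(encrypted) + bytes(32))


if __name__ == '__main__':
    for hit in scan_image(build_sample_image()):
        print(hit)
```

On the real sample the interesting literal will most likely come back as base64=True, pe=False with entropy near 8, which is exactly the CreateDecryptor case: the next step is to recover the key and IV from Form1.cs (or dump the Assembly.Load argument at runtime) rather than to keep guessing encodings.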

Persistence and Installation Behavior:

Creates processes with suspicious names
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe File created: \dhl awb - 5032675620 _september 2021.exe
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Process information set: NOOPENFILEERRORBOX (79 identical entries)

Malware Analysis System Evasion:

Yara detected AntiVM3
Source: Yara match File source: 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: DHL AWB - 5032675620 _SEPTEMBER 2021.exe PID: 5996, type: MEMORYSTR
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
Note: SBIEDLL.DLL is the DLL Sandboxie injects into every sandboxed process, and WINE_GET_UNIX_FILE_NAME is the upper-cased name of wine_get_unix_file_name, a kernel32 export that exists only under Wine. Both strings sit in the same memory region as the AntiVM3 Yara match above, i.e. they are part of the unpacked payload's own check list.
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 3492 Thread sleep time: -40447s >= -30000s
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 4112 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 4844 Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 3216 Thread sleep count: 9354 > 30
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 3216 Thread sleep count: 503 > 30
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Thread delayed: delay time: 922337203685477
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Window / User API: threadDelayed 9354
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Window / User API: threadDelayed 503
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Thread delayed: delay time: 40447
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Thread delayed: delay time: 922337203685477
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: vmware
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: VMWARE
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000003.382128548.00000000075B0000.00000004.00000001.sdmp Binary or memory string: VmsRvC
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

Anti Debugging:

Enables debug privileges
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Memory written: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe base: 400000 value starts with: 4D5A
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Process created: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.624817545.0000000001820000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.624817545.0000000001820000.00000002.00020000.sdmp Binary or memory string: Progman
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.624817545.0000000001820000.00000002.00020000.sdmp Binary or memory string: &Program Manager
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.624817545.0000000001820000.00000002.00020000.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla
Source: Yara match File source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.3f6e188.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.4086d60.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.3f6e188.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.622420916.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.387513631.0000000003EA9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.625722721.0000000002EC2000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: DHL AWB - 5032675620 _SEPTEMBER 2021.exe PID: 5996, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: DHL AWB - 5032675620 _SEPTEMBER 2021.exe PID: 6552, type: MEMORYSTR
Tries to steal Mail credentials (via file access)
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Yara detected Credential Stealer
Source: Yara match File source: 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: DHL AWB - 5032675620 _SEPTEMBER 2021.exe PID: 6552, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla
Source: Yara match File source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.3f6e188.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.4086d60.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.3f6e188.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.622420916.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.387513631.0000000003EA9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.625722721.0000000002EC2000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: DHL AWB - 5032675620 _SEPTEMBER 2021.exe PID: 5996, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: DHL AWB - 5032675620 _SEPTEMBER 2021.exe PID: 6552, type: MEMORYSTR
No contacted IP infos