
Windows Analysis Report DHL AWB - 5032675620 _SEPTEMBER 2021.exe

Overview

General Information

Sample Name: DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Analysis ID: 483724
MD5: d96d6c6caef758178386d9e0fc47b21a
SHA1: 8d90376c829099fc4e551d36e691b53b9a48a0cd
SHA256: bd2b1d4a42425cd431ced38103c95651b9112a20ecb967640e1d79a83b051096
Tags: agenttesla, exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains very large strings
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Yara detected Credential Stealer
Creates processes with suspicious names
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Username": "sam@htprress.com", "Password": "#m!Bebe2", "Host": "smtp.htprress.com"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000005.00000002.625722721.0000000002EC2000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000005.00000002.622420916.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000005.00000002.622420916.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
(5 of 7 entries shown)

            Unpacked PEs

Source | Rule | Description | Author | Strings
5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.400000.0.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.3f6e188.5.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.3f6e188.5.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.4086d60.4.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
(5 of 3 additional entries not shown)

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview


                      AV Detection:

Found malware configuration
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "sam@htprress.com", "Password": "#m!Bebe2", "Host": "smtp.htprress.com"}
Multi AV Scanner detection for submitted file
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | ReversingLabs: Detection: 22%
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp | String found in binary or memory: http://PoIpyH.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://fontfabrik.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384448811.0000000001577000.00000004.00000040.sdmp | String found in binary or memory: http://www.fontbureau.coma
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fonts.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.sakkal.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp, DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000003.361243845.000000000157C000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.com
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000003.361243845.000000000157C000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.comi
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.netD
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.392302360.0000000006FB2000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625673123.0000000002EB2000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%GETMozilla/5.0
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.387513631.0000000003EA9000.00000004.00000001.sdmp, DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.622420916.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.625103449.0000000002E11000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.383789894.00000000012BB000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      System Summary:

.NET source code contains very large strings
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, Form1.cs | Long String: Length: 38272
Source: 0.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs | Long String: Length: 38272
Source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs | Long String: Length: 38272
Source: 5.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.0.unpack, Form1.cs | Long String: Length: 38272
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.1.unpack, Form1.cs | Long String: Length: 38272
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 0_2_0155E618
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 0_2_0155E608
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 0_2_0155BC74
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_00BD61F0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_00BD0130
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_00BDABD8
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_00BD14B3
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_00BDD5E0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_00BD9A98
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_00BD7440
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_00BD5FD0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_013246A0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_013245B0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_013245D0
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Binary or memory string: OriginalFilename vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.393446736.0000000007650000.00000004.00020000.sdmp | Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.382708188.0000000000B42000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameProgre.exeh$ vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384649317.0000000002EA1000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamerybORYCDEFoesqHgsUsRhLynNqcdWc.exe4 vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384720716.0000000002EB7000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameEnvoySinks.dll6 vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.383789894.00000000012BB000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Binary or memory string: OriginalFilename vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.622519778.0000000000438000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamerybORYCDEFoesqHgsUsRhLynNqcdWc.exe4 vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.622560088.0000000000A12000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameProgre.exeh$ vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.623345320.0000000000EF8000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Binary or memory string: OriginalFilenameProgre.exeh$ vs DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | ReversingLabs: Detection: 22%
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe 'C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe'
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Process created: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Process created: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL AWB - 5032675620 _SEPTEMBER 2021.exe.log
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/1@0/0
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, Form1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 5.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.0.unpack, Form1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.1.unpack, Form1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

                      Data Obfuscation:

.NET source code contains potential unpacker
Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, Form1.cs | .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs | .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.b40000.0.unpack, Form1.cs | .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.0.unpack, Form1.cs | .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.a10000.1.unpack, Form1.cs | .Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 0_2_00B4297F push 20000001h; retf 0_2_00B42992
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_00A1297F push 20000001h; retf 5_2_00A12992
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_0128D95C push eax; ret 5_2_0128D95D
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Code function: 5_2_0128E32E push eax; ret 5_2_0128E349
Source: initial sample | Static PE information: section name: .text entropy: 7.55147580735
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | File created: \dhl awb - 5032675620 _september 2021.exe
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | File created: \dhl awb - 5032675620 _september 2021.exe
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      Yara detected AntiVM3
                      Source: Yara match | File source: 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: DHL AWB - 5032675620 _SEPTEMBER 2021.exe PID: 5996, type: MEMORYSTR
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: WINE_GET_UNIX_FILE_NAME
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 3492 | Thread sleep time: -40447s >= -30000s
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 4112 | Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 4844 | Thread sleep time: -14757395258967632s >= -30000s
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 3216 | Thread sleep count: 9354 > 30
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe TID: 3216 | Thread sleep count: 503 > 30
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Window / User API: threadDelayed 9354
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Window / User API: threadDelayed 503
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Thread delayed: delay time: 40447
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Thread delayed: delay time: 922337203685477
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: vmware
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: VMWARE
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000003.382128548.00000000075B0000.00000004.00000001.sdmp | Binary or memory string: VmsRvC
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000000.00000002.384708060.0000000002EB2000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion:

                      Injects a PE file into foreign processes
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Memory written: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Process created: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.624817545.0000000001820000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.624817545.0000000001820000.00000002.00020000.sdmp | Binary or memory string: Progman
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.624817545.0000000001820000.00000002.00020000.sdmp | Binary or memory string: &Program Manager
                      Source: DHL AWB - 5032675620 _SEPTEMBER 2021.exe, 00000005.00000002.624817545.0000000001820000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\DHL AWB - 5032675620 _SEPTEMBER 2021.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information:

Yara detected AgentTesla
                      Source: Yara matchFile source: 5.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.DHL AWB - 5032675620 _SEPTEMBER 2021.exe.3f6e188.5.unpack, type: UN