Windows Analysis Report
Consignment Notification-#U00a0 705643291003.exe

Overview

General Information

Sample name: Consignment Notification-#U00a0 705643291003.exe (renamed because the original name is a hash value)
Original sample name: Consignment Notification- 705643291003.exe
Analysis ID: 1467828
MD5: 5d5bb627aa44cf37b651a69d8d8bbda9
SHA1: eec14ed4d1261ea95bcf91d34d47aa7508c84376
SHA256: b5c97a99bdfa2eaff894b76c3e2477b16c923b20f895a8e02448155d4e90be21
Tags: exe

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
.NET source code contains very large array initializations
AI detected suspicious sample
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Detected potential crypto function
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Consignment Notification-#U00a0 705643291003.exe (PID: 6512, cmdline: "C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe", MD5: 5D5BB627AA44CF37B651A69D8D8BBDA9)
    • WerFault.exe (PID: 7088, cmdline: C:\Windows\system32\WerFault.exe -u -p 6512 -s 1104, MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: Consignment Notification-#U00a0 705643291003.exe | Avira: detected
Source: Consignment Notification-#U00a0 705643291003.exe | ReversingLabs: Detection: 36%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.7% probability
Source: Consignment Notification-#U00a0 705643291003.exe | Joe Sandbox ML: detected
Source: Consignment Notification-#U00a0 705643291003.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1781683054.00000000011E7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Data.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: 1003.PDB W source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1781624957.0000000000FF3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1781683054.00000000011E7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb4Zi* source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1781683054.00000000011E7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Windows.Forms.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Drawing.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Data.DataSetExtensions.pdbh source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Drawing.ni.pdbRSDS source: WER399D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.PDB source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783873320.000000001F61D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Xml.ni.pdbRSDS# source: WER399D.tmp.dmp.4.dr
Source: Binary string: Microsoft.VisualBasic.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Core.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Numerics.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1781683054.00000000011E7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER399D.tmp.dmp.4.dr
Source: Binary string: mscorlib.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783873320.000000001F600000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER399D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\mscorlib.pdbWj source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783873320.000000001F600000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Xml.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.ni.pdbRSDS source: WER399D.tmp.dmp.4.dr
Source: Binary string: lib.pdb!`nb source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1781624957.0000000000FF3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.PDB source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1781624957.0000000000FF3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Numerics.pdb8 source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Configuration.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: Microsoft.VisualBasic.pdbH source: WER399D.tmp.dmp.4.dr
Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Configuration.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Data.ni.pdbRSDSC source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Data.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Xml.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Xml.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Data.pdbH source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Windows.Forms.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783873320.000000001F61D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Drawing.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: pC:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.PDB source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1781624957.0000000000FF3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Windows.Forms.pdbH`h source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Core.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Data.DataSetExtensions.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Numerics.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Configuration.pdbP source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.ni.pdb source: WER399D.tmp.dmp.4.dr
Source: Binary string: System.Core.ni.pdbRSDS source: WER399D.tmp.dmp.4.dr
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1782126869.0000000003DE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/AukcionDBDataSet.xsd
Source: Amcache.hve.4.dr | String found in binary or memory: http://upx.sf.net
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000002.1783157949.000000001DF42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn

System Summary

Source: Consignment Notification-#U00a0 705643291003.exe, --.cs | Large array initialization: _0002: array initializer size 721602
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Code function: 0_2_00007FFD9B891DFA | 0_2_00007FFD9B891DFA
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Code function: 0_2_00007FFD9B8919B8 | 0_2_00007FFD9B8919B8
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Code function: 0_2_00007FFD9B892320 | 0_2_00007FFD9B892320
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Code function: 0_2_00007FFD9B8922BD | 0_2_00007FFD9B8922BD
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6512 -s 1104
Source: Consignment Notification-#U00a0 705643291003.exe, 00000000.00000000.1620670200.0000000000812000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameofZW.exe" vs Consignment Notification-#U00a0 705643291003.exe
Source: Consignment Notification-#U00a0 705643291003.exe | Binary or memory string: OriginalFilenameofZW.exe" vs Consignment Notification-#U00a0 705643291003.exe
Source: Consignment Notification-#U00a0 705643291003.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal68.winEXE@2/5@0/0
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Mutant created: NULL
Source: C:\Windows\System32\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6512
Source: C:\Windows\System32\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\bb3a0104-21e5-4e42-af37-3a6e427c87b9
Source: Consignment Notification-#U00a0 705643291003.exe | Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 47.53%
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Consignment Notification-#U00a0 705643291003.exe | ReversingLabs: Detection: 36%
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | File read: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe
Source: unknown | Process created: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe "C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe"
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6512 -s 1104
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Consignment Notification-#U00a0 705643291003.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Consignment Notification-#U00a0 705643291003.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: Consignment Notification-#U00a0 705643291003.exe | Static file information: File size 1414656 > 1048576
Source: Consignment Notification-#U00a0 705643291003.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x157800
Source: Consignment Notification-#U00a0 705643291003.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeCode function: 0_2_00007FFD9B895B24 push esi; retf 0_2_00007FFD9B895B27
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeCode function: 0_2_00007FFD9B8981AC push ecx; retf 0_2_00007FFD9B8981B3
Source: Consignment Notification-#U00a0 705643291003.exeStatic PE information: section name: .text entropy: 7.373025056633507
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (5 occurrences)
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX (51 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Memory allocated: 1280000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Memory allocated: 1BD70000 memory reserve | memory write watch
Source: Amcache.hve.4.dr | Binary or memory string: VMware
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Process queried: DebugPort (2 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation (7 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation (2 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation (2 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation (2 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation (2 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation (2 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation (3 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation (2 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation (2 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation (2 occurrences)
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe
MITRE ATT&CK matrix, one tactic per line with its cells in row order (a leading number is the count of matched signatures for that technique):
Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names | Gather Victim Network Information | Domain Properties
Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server | Server | Botnet
Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts | Cloud Accounts | Replication Through Removable Media
Execution: Windows Management Instrumentation | Scheduled Task/Job | At | Cron | Launchd | Scheduled Task
Persistence: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script | RC Scripts
Privilege Escalation: 1 Process Injection | 1 DLL Side-Loading | Logon Script (Windows) | Login Hook | Network Logon Script | RC Scripts
Defense Evasion: 2 Virtualization/Sandbox Evasion | 1 Disable or Modify Tools | 2 Software Packing | 1 Process Injection | 1 DLL Side-Loading | 2 Obfuscated Files or Information
Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS | LSA Secrets | Cached Domain Credentials
Discovery: 21 Security Software Discovery | 2 Virtualization/Sandbox Evasion | 12 System Information Discovery | System Network Configuration Discovery | Internet Connection Discovery | Wi-Fi Discovery
Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model | SSH | VNC
Collection: 1 Archive Collected Data | Data from Removable Media | Data from Network Shared Drive | Input Capture | Keylogging | GUI Input Capture
Command and Control: 1 Encrypted Channel | Junk Data | Steganography | Protocol Impersonation | Fallback Channels | Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication | Scheduled Transfer | Data Transfer Size Limits
Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction | Data Encrypted for Impact | Service Stop
Source | Detection | Scanner | Label | Link
Consignment Notification-#U00a0 705643291003.exe | 37% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
Consignment Notification-#U00a0 705643291003.exe | 100% | Avira | HEUR/AGEN.1323752
Consignment Notification-#U00a0 705643291003.exe | 100% | Joe Sandbox ML
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.apache.org/licenses/LICENSE-2.0 | 0% | URL Reputation | safe
http://www.fontbureau.com | 0% | URL Reputation | safe
http://www.fontbureau.com/designersG | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/? | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.fontbureau.com/designers? | 0% | URL Reputation | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://upx.sf.net | 0% | URL Reputation | safe
http://www.fontbureau.com/designers | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/cabarga.htmlN | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://www.founder.com.cn/cn | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/frere-user.html | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.fontbureau.com/designers8 | 0% | URL Reputation | safe
http://www.fonts.com | 0% | URL Reputation | safe
http://www.sandoll.co.kr | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://www.sakkal.com | 0% | URL Reputation | safe
http://tempuri.org/AukcionDBDataSet.xsd | 0% | Avira URL Cloud | safe
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1467828
Start date and time:2024-07-04 20:54:06 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 48s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Consignment Notification-#U00a0 705643291003.exe
renamed because original name is a hash value
Original Sample Name:Consignment Notification- 705643291003.exe
Detection:MAL
Classification:mal68.winEXE@2/5@0/0
EGA Information:Failed
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 20.189.173.22
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target Consignment Notification-#U00a0 705643291003.exe, PID 6512 because it is empty
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: Consignment Notification-#U00a0 705643291003.exe
Time | Type | Description
14:55:07 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
No context
Process:C:\Windows\System32\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):1.2272936624912572
Encrypted:false
SSDEEP:192:jLXqqubTCa6ykd0eZtwsIqaWz3OlTwdT6ZFJzuiFxZ24lO8PM:Hnu6a6LeeDwua4ouCzuiFxY4lO8U
MD5:5D3923295D9CF0013C2ABED1F82EE59C
SHA1:12B95B28135DD96E13A91F5C244E504FF5087546
SHA-256:F5670ED8D935E0C78FF2C4128D589A3FD792DEDE84C0029802215B1FD34141DF
SHA-512:6C42CA4CC0612086D7A2F3E5030303AA4EE04F177820554B9EEE7580D0B9BBB3DF00DFE6052BF18ECA8383FBB545085BBC36A85939519E4E317F8795C497695E
Malicious:false
Reputation:low
Preview:
  Version=1
  EventType=CLR20r3
  EventTime=133645928944081262
  ReportType=2
  Consent=1
  UploadTime=133645928949081266
  ReportStatus=524384
  ReportIdentifier=74992dc1-8f4a-4215-8275-04b399b7db1e
  IntegratorReportIdentifier=5ff2e8d4-6d0c-451d-94ed-a60260e27310
  Wow64Host=34404
  NsAppName=Consignment Notification-#U00a0 705643291003.exe
  OriginalFilename=ofZW.exe
  AppSessionGuid=00001970-0001-0014-983c-a0a643ceda01
  TargetAppId=W:0006a97c7f69dc55d532d0b1a8fb7eda244d00000000!0000eec14ed4d1261ea95bcf91
Process:C:\Windows\System32\WerFault.exe
File Type:Mini DuMP crash report, 16 streams, Thu Jul 4 18:54:54 2024, 0x1205a4 type
Category:dropped
Size (bytes):461836
Entropy (8bit):3.6487203205528425
Encrypted:false
SSDEEP:3072:DigqxIcmk3amR/wX24ZIHPdvaRcSLJZig+4AV91CCqzFld3+vitdN9tdN9tdN9tM:LqxIi31HGWp2Lvyqx3Q74gp6
MD5:1739F33C554812E92A75CEFEEDF32CF7
SHA1:B0C755BA4F142ADD5C1AEC876DCC09499AEB446C
SHA-256:5F38365906FD94705CDB89FE080149BC1FC21F4EF503EA1F149EA0EBB674BDA9
SHA-512:FEB4B216E855B2FF84B44A5BDC1662B42733434221A4FC39921ACB61598E468ADC3E1A1B2CE0EAD71ECED6295B4D9BE5EBD129E64AA2735240BB22AD9BE51D38
Malicious:false
Reputation:low
Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8980
Entropy (8bit):3.7214794899439836
Encrypted:false
SSDEEP:192:R6l7wVeJ3v7m6I6Y9hq8MgmfZfYyGZGpr989bcnLfio0m:R6lXJDm6I6Y7q8MgmfhY1cLfi6
MD5:24EA878C0CC684FE769C4C4D7F7B29FD
SHA1:13E2FDA01C9B9D32B7CA407D2CF8B9452436A768
SHA-256:4EE8ADE76E7535B97FA266A43ABC3F040F6C3B10B0DD61E810A751581034D62D
SHA-512:9B1E7D34E33F686E36BC919F197FD7EADCBCE28981A7A5095EAE7313E0915972456832860B737120C5D149EB45A0216B8C95843779173F08BA1026FAAA97673D
Malicious:false
Reputation:low
Preview:
  <?xml version="1.0" encoding="UTF-16"?>
  <WERReportMetadata>
    <OSVersionInformation>
      <WindowsNTVersion>10.0</WindowsNTVersion>
      <Build>19045</Build>
      <Product>(0x30): Windows 10 Pro</Product>
      <Edition>Professional</Edition>
      <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>
      <Revision>2006</Revision>
      <Flavor>Multiprocessor Free</Flavor>
      <Architecture>X64</Architecture>
      <LCID>2057</LCID>
    </OSVersionInformation>
    <ProcessInformation>
      <Pid>6512</Pi
Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4946
Entropy (8bit):4.582379121900942
Encrypted:false
SSDEEP:48:cvIwWl8zs3Jg771I9ojWpW8VY2M0Ym8M4JTRlaaE0Ffyq8vSaEsKFqlRdlRUmd:uIjfZI77S7VCBJTRKiWosKcPdPrd
MD5:33C61852F405FEAF441C757B2EF6F1B9
SHA1:E77DF94308ED09C6CFBB55D9D840C833D59D682B
SHA-256:8B82BDEE46D08AF281A65E71FAC39CBF4F301543B2E1D4F4CBF1A59941A59F32
SHA-512:E249D1D96B22DF8E9F07EC7CF286BD5B61CA92E11673B7339E699D301CCEAFD03C8FEC9B016BE8E40603355D759113E9737B1620AEC9E229B3334C811D37B61E
Malicious:false
Reputation:low
Preview:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <req ver="2">
    <tlm>
      <src>
        <desc>
          <mach>
            <os>
              <arg nm="vermaj" val="10" />
              <arg nm="vermin" val="0" />
              <arg nm="verbld" val="19045" />
              <arg nm="vercsdbld" val="2006" />
              <arg nm="verqfe" val="2006" />
              <arg nm="csdbld" val="2006" />
              <arg nm="versp" val="0" />
              <arg nm="arch" val="9" />
              <arg nm="lcid" val="2057" />
              <arg nm="geoid" val="223" />
              <arg nm="sku" val="48" />
              <arg nm="domain" val="0" />
              <arg nm="prodsuite" val="256" />
              <arg nm="ntprodtype" val="1" />
              <arg nm="platid" val="2" />
              <arg nm="tmsi" val="396597" />
              <arg nm="osinsty" val="1" />
              <arg nm="iever" val="11.789.19041.0-11.0.1000" />
              <arg nm="portos" val="0" />
              <arg nm="ram" val="409
Process:C:\Windows\System32\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.465812436058973
Encrypted:false
SSDEEP:6144:CIXfpi67eLPU9skLmb0b4sWSPKaJG8nAgejZMMhA2gX4WABl0uN1dwBCswSb2:nXD94sWlLZMM6YFH7+2
MD5:AC94BAD1D4CF6D8A5463C4575158A001
SHA1:8276D5C259DA4674731AC2B397916095C453E82D
SHA-256:B066BC1630ABFBBF598DEDC5A9695AB998C9BAE53B1BBAC2095972A7DB539454
SHA-512:BA3BDA5AED890F46FB2B9D074B0F1A7280D915AE4CB917748E2F41CD3738FFDA139067F1C4BF1E6A3C916DE7F7253E4601F14FCE541BE39CF330F419E038A8FD
Malicious:false
Reputation:low
File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit):7.370341950903701
TrID:
  • Win64 Executable GUI Net Framework (217006/5) 47.53%
  • Win64 Executable GUI (202006/5) 44.25%
  • Win64 Executable (generic) Net Framework (21505/4) 4.71%
  • Win64 Executable (generic) (12005/4) 2.63%
  • Generic Win/DOS Executable (2004/3) 0.44%
File name:Consignment Notification-#U00a0 705643291003.exe
File size:1'414'656 bytes
MD5:5d5bb627aa44cf37b651a69d8d8bbda9
SHA1:eec14ed4d1261ea95bcf91d34d47aa7508c84376
SHA256:b5c97a99bdfa2eaff894b76c3e2477b16c923b20f895a8e02448155d4e90be21
SHA512:ac708b9443fc13cfabef850152d750a249deeb6d7be26903bdd2f678281ae50a6568f07a2f06ecfb15bf5fec00d80d16609624409c0d46c87a9145c38cffe802
SSDEEP:24576:pWmGrqoiYWx3qO/lPG3Ae3s6g1UXWiGzhpIBnnMm:pDN3MAe3sl1UXWiGlpI
TLSH:C365AE240B741B5FEB2E0678C256624082B0E484F7D6FBCACCE264E59DD57D9E9C209F
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....(zf.................x............... ....@...... ....................................@...@......@............... .....
Icon Hash:4d0e9370312b2b33
Entrypoint:0x5597e6
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0x667A28E4 [Tue Jun 25 02:18:12 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction (entrypoint bytes decoded as 32-bit x86)
dec eax
mov eax, dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
jmp eax
Read as x64, the same bytes (48 A1 00 20 40 00 00 00 00 00 FF E0) are mov rax, qword ptr [00402000h] followed by jmp rax: the standard CLR entry stub that jumps through the IAT entry at RVA 0x2000, which holds the imported mscoree.dll _CorExeMain pointer. The bytes that follow the stub are zero padding.
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15978c | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15a000 | 0x187c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x15c000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x20000x1577f20x157800276b13e531a4cdb219f7a32a5ebb4bf4False0.7137925593613537data7.373025056633507IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc0x15a0000x187c0x1a0011432894b296001e87c0980d43827ca0False0.8414963942307693data7.152333673271252IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc0x15c0000xc0x200133dd859cb5d2b089b7715d75dd8ee91False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
NameRVASizeTypeLanguageCountryZLIB Complexity
RT_ICON0x15a0e80x13cbPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9850009867771857
RT_GROUP_ICON0x15b4b40x14data1.05
RT_VERSION0x15b4c80x3b4data0.49261603375527424
DLLImport
mscoree.dll_CorExeMain
No network behavior found

Target ID: 0
Start time: 14:54:51
Start date: 04/07/2024
Path: C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\Consignment Notification-#U00a0 705643291003.exe"
Imagebase: 0x810000
File size: 1'414'656 bytes
MD5 hash: 5D5BB627AA44CF37B651A69D8D8BBDA9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 4
Start time: 14:54:53
Start date: 04/07/2024
Path: C:\Windows\System32\WerFault.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\WerFault.exe -u -p 6512 -s 1104
Imagebase: 0x7ff7d09d0000
File size: 570'736 bytes
MD5 hash: FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID: &N_^
    • API String ID: 0-1877586524
    • Opcode ID: fdef991d210fce4e00826f0f7a3e2e4bec77def4617d89e6add5e2763dc12ac0
    • Instruction ID: 999fdb07d1ad524eba7cf3a4d59ed89a0e9227517797a5a1c13936d81e5aafe1
    • Opcode Fuzzy Hash: fdef991d210fce4e00826f0f7a3e2e4bec77def4617d89e6add5e2763dc12ac0
    • Instruction Fuzzy Hash: 18D18B75E1851E8FEF58EBA8D865AFDBBB0FF58311F00116AD10AEB291DE3469418B40
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0b7653d4baafe0db65aa9da0e5340b855270d9e506752ae5f7d4512a2a506ed1
    • Instruction ID: 4e91386e5993bf35d37f45ac27cab808ee692f575e8283c602354c236280cb81
    • Opcode Fuzzy Hash: 0b7653d4baafe0db65aa9da0e5340b855270d9e506752ae5f7d4512a2a506ed1
    • Instruction Fuzzy Hash: A0622731F19A0D4BEB6CEFA884A567977E2FF88304F51417DD45AC32E6DE38A8428740
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: be9da6498a52fabb4607efd6e811d7dbb86a36759fb86588f618d2972beaae34
    • Instruction ID: affa3703f73968ec6d3027f552c03ebc0167dd80226d92fc806de2305b0245c3
    • Opcode Fuzzy Hash: be9da6498a52fabb4607efd6e811d7dbb86a36759fb86588f618d2972beaae34
    • Instruction Fuzzy Hash: ACF1F531F19A0D4FEBACDFA888656797AE2FF98304F454179D44EC32E6DE7898028741
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4184c29afe9b22d8224d86dcc903da1abefeb763cd48dcf9322ae7ebd738529d
    • Instruction ID: e8792d5e776d6ff62f2a3aca5386c309e1462ddd18824671b702374c9708fd4d
    • Opcode Fuzzy Hash: 4184c29afe9b22d8224d86dcc903da1abefeb763cd48dcf9322ae7ebd738529d
    • Instruction Fuzzy Hash: CAE1D631F19A0D4BEBACEFA8946567977E2FF98304F414179D41EC32E6DE78A8028741
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID: 3
    • API String ID: 0-1842515611
    • Opcode ID: 5753d8a828eef305348e18a6c590838aeb5d2d92fc004fc2d8ce37c478a9fc04
    • Instruction ID: 9d6f1278c90b4abb4bf14247a5a78f12b824aac7f59d781e77414b6ba080da22
    • Opcode Fuzzy Hash: 5753d8a828eef305348e18a6c590838aeb5d2d92fc004fc2d8ce37c478a9fc04
    • Instruction Fuzzy Hash: C651A2227AE3860FE71D4BB89C954B03FD0EF5622571F41BEC496CB1A3D96895438341
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID: {R_H
    • API String ID: 0-3076950630
    • Opcode ID: 6b20b4b846fdb65ebe4f061923effcb5626624c3d7addb3b20afdf85904c6354
    • Instruction ID: 162d6a354a3080b1f1b1e7f51d0fc672568a5b53209de5b86b476334be03a1da
    • Opcode Fuzzy Hash: 6b20b4b846fdb65ebe4f061923effcb5626624c3d7addb3b20afdf85904c6354
    • Instruction Fuzzy Hash: D9414271B1991D4FEFA9DB6888A57E877A1FF98340F4045F6D40DC3296DE346E818B80
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID: k
    • API String ID: 0-467967572
    • Opcode ID: a3034ae49ca3301cf81a4af9add1add0e8386120366a1462f926803d00fffc40
    • Instruction ID: 9bda9c4534bfe4c53a41e52395f38785c817a02eb4dce3c8416661b4be9fb48e
    • Opcode Fuzzy Hash: a3034ae49ca3301cf81a4af9add1add0e8386120366a1462f926803d00fffc40
    • Instruction Fuzzy Hash: 65E08C20F8A8095FDEA4F3BCB4255BC36C28FCC22078601B5E40DCB3A6ED289E431380
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: acbc099c4b0894d31d743cd246a144f53614830e9a4f526a99e18d845ce48074
    • Instruction ID: 42f41b1e6532492bda171ebaa6de12a008bd43401123e1b8efd6e4f848da2fcb
    • Opcode Fuzzy Hash: acbc099c4b0894d31d743cd246a144f53614830e9a4f526a99e18d845ce48074
    • Instruction Fuzzy Hash: AEC1D831B1D91D9FEB58EB58D8A4AB877E2FF98310B55017AE00DD72E6CE29AC41C740
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 39e4d0c131b7c6b7ab75c8292e1d36392e4c88ee1708f29836bb2dfd4ea7237a
    • Instruction ID: 89cd8f07ea63ee3f9c40d710c07208bd9862293ca07d08ac7a9c8266d9813c96
    • Opcode Fuzzy Hash: 39e4d0c131b7c6b7ab75c8292e1d36392e4c88ee1708f29836bb2dfd4ea7237a
    • Instruction Fuzzy Hash: F8817E71609B4E8FDFA8CF58C8B466537A1FF9C314B1906ADD469C72E2CA35E912CB40
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 76c9ed15a84c6b97c6792f2b132b60d335823b5b5b74fb6d3f9c06a05700100a
    • Instruction ID: 8d4234add95a4b9b7bbf9cd52284ab76ba52109be34ffb741f09b155884d1b2b
    • Opcode Fuzzy Hash: 76c9ed15a84c6b97c6792f2b132b60d335823b5b5b74fb6d3f9c06a05700100a
    • Instruction Fuzzy Hash: 5F617271609A4E8FDFA8CF58C860A653BA1FF59304F1906ADD869C72E2CB35E912C741
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 69f8c513bcd70f0e36e9f5639f73b7ba5eba41954b5b713bca7d4a0d082535ff
    • Instruction ID: d05ac30525db1bd95cda441549b498875c06082692e825eaf3a4f0d224bd82d7
    • Opcode Fuzzy Hash: 69f8c513bcd70f0e36e9f5639f73b7ba5eba41954b5b713bca7d4a0d082535ff
    • Instruction Fuzzy Hash: 34319271A0EA8D4FDF69CF68C8705A53BA1FF89304B1905AEE469C72E2CA25E901C741
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 82e78525d4ae88d760d4bab01c9c6b5858a905ad7b3ea88582ef0c5765277435
    • Instruction ID: 51c0404ec537f8326e0aaeda6d854d0d6611645fe90ac09dfc6665c61b740e1f
    • Opcode Fuzzy Hash: 82e78525d4ae88d760d4bab01c9c6b5858a905ad7b3ea88582ef0c5765277435
    • Instruction Fuzzy Hash: 93310670E1DB494FDB69DF688CA52E97BA1EF59301F0401FAD40DC7197EE346A428B41
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5985e3b825529586bb9adb474e171fcbfe3d9dda276c38e2ec7f8c5651d02bee
    • Instruction ID: 09400c4a67b4d001c31bedb013b8bc135e30197d14a4621a1f9602da433c6067
    • Opcode Fuzzy Hash: 5985e3b825529586bb9adb474e171fcbfe3d9dda276c38e2ec7f8c5651d02bee
    • Instruction Fuzzy Hash: 4D318561F1894D8EEB98EB9898657ECABB2FF65300F4001F6D01DD32D6DD342D818741
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1cd8d696f05b165cd4d7e341f2138becab62d23158e7857343b6e4c32696a2b6
    • Instruction ID: 344a66d5693a64c1513af032d8c561cc888c632cb142a27d792e461b3c622680
    • Opcode Fuzzy Hash: 1cd8d696f05b165cd4d7e341f2138becab62d23158e7857343b6e4c32696a2b6
    • Instruction Fuzzy Hash: DE21A231B1EA4E4FEBB9DB7884285757BE0EF5A302B1505BED04AC75F2DE29A8458340
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 592634d153c57312f58dab083efcc0f1e2eccf9b67dc3a72ee5ecdb0c8889574
    • Instruction ID: d7f978650a6be3c863500d7ea797238cd2880ceccb754e26d9578fd7b7b19f3f
    • Opcode Fuzzy Hash: 592634d153c57312f58dab083efcc0f1e2eccf9b67dc3a72ee5ecdb0c8889574
    • Instruction Fuzzy Hash: B7218031A1AA4E4FEBB8DBAC84681357BE0FF59301B5505BED09FC76A1CE29A9458700
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 897816770c3afc6357bb4415cc2c5fabd67003a2f87fc2f3713c3c91d29cd5f9
    • Instruction ID: f145b8280fa6cbd557d27d53add177632730d5939bb34a5a8c7c96f56d83b4f6
    • Opcode Fuzzy Hash: 897816770c3afc6357bb4415cc2c5fabd67003a2f87fc2f3713c3c91d29cd5f9
    • Instruction Fuzzy Hash: 5711BC22B0E64D4FEB55E7BC546956C3BD1DF9925074741F2E409CB2B3ED189D428341
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5bf79bc29ff121e214cfdccfb9d58cdc9d346a8bd9abe75de4ed998cd67b1b4b
    • Instruction ID: 0e748faa9ddfde34ba41faa6fbe937c4f5bd75a84a1ffcb1529a0b0eb3f947f1
    • Opcode Fuzzy Hash: 5bf79bc29ff121e214cfdccfb9d58cdc9d346a8bd9abe75de4ed998cd67b1b4b
    • Instruction Fuzzy Hash: AE11033160EED95FDB5AA73C98347947FA1EF5A350B0805FFD08ECB292DA289946C341
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ea9aba1497010abd174182839fb25354f635fb070472c099ad59de880db28d91
    • Instruction ID: 9efc98eebc56ef8dcdd2f41208322e702d2eb20e8a2030a111802ed8639c1b7f
    • Opcode Fuzzy Hash: ea9aba1497010abd174182839fb25354f635fb070472c099ad59de880db28d91
    • Instruction Fuzzy Hash: 08119031A1965E8FDF85EFE488656FDBBF1EF59304F41006AC418D72A2DA785940C781
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 924b0eea400153300a2144cf2c48e38808e4994b33e7167012d46d5a002d5ad9
    • Instruction ID: 1c0d9a5367a03e0e75ea93931e6329766dcaa360dd3c79454f0ffe23bd9b789f
    • Opcode Fuzzy Hash: 924b0eea400153300a2144cf2c48e38808e4994b33e7167012d46d5a002d5ad9
    • Instruction Fuzzy Hash: A201843270A90D4FEA94EB6CA4AC56C37D2EF9C21135601B6E40DCB376ED259C424740
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 43d8b7b879bedcf0642009a69d68c270fee4c3a73bf2cad4664e771f78085423
    • Instruction ID: 89503b51c83aa1b6a842f8d63af362e72dde8e9786c59ac75613c6daacf3c923
    • Opcode Fuzzy Hash: 43d8b7b879bedcf0642009a69d68c270fee4c3a73bf2cad4664e771f78085423
    • Instruction Fuzzy Hash: 08114F71A5995E4FDF98EB68C8A5BE8B7E1FF58340F0000B6D40DC3196DE346A418B40
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5737fa2cebd1fa9a100781e8e02bbf4d74ae17518180bbfcb9c9838a85ba03b5
    • Instruction ID: fe2a8c387cd67dd3134e31ad22615438e00e321aa8fa22c5ef10cc64b5631d13
    • Opcode Fuzzy Hash: 5737fa2cebd1fa9a100781e8e02bbf4d74ae17518180bbfcb9c9838a85ba03b5
    • Instruction Fuzzy Hash: 35014C3150E68D5FD751DFA4CCA59E9BFF0EF8A200B0942F6D048C7063DA2865478740
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a2d45af45b4b070142c412efcabae346076e467870c7283d5a797bda6c426820
    • Instruction ID: f2a9efa7bfa85099b009604362a2340d3286269570548bf1b0e349b38956bf2a
    • Opcode Fuzzy Hash: a2d45af45b4b070142c412efcabae346076e467870c7283d5a797bda6c426820
    • Instruction Fuzzy Hash: 46F0E07260D64C5DF7589E59BC5B9F53B98D747234F00002EF44D82163E1527913C255
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4542236b100e36b652b7a2ae269d747c0002e6821ff296d0fb0b51079e0c3acd
    • Instruction ID: ddcfe02d55ffd0f5555e440d8fe43a48be5142f8cff5e2114dae00efa2386c58
    • Opcode Fuzzy Hash: 4542236b100e36b652b7a2ae269d747c0002e6821ff296d0fb0b51079e0c3acd
    • Instruction Fuzzy Hash: FE01B130A0D78A8FDB56DB3488A5A947BB0AF1A304F0941F7D40DCB0A7EA342A46CB01
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f735f13cb3d582e2e280d8f97c6881d44fb6a2bdce79b5641ffdfc61d1c0db9a
    • Instruction ID: 033d2f63aeeb355297e30eebecf66f5056e50be6f61e0f4e9cd32498069cf355
    • Opcode Fuzzy Hash: f735f13cb3d582e2e280d8f97c6881d44fb6a2bdce79b5641ffdfc61d1c0db9a
    • Instruction Fuzzy Hash: E6F08212E1E69A0FEBB673A454720EC2F629F5A210B4600FBD148CA0E7DD0D69454306
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fdd4f9ec0516c3f0da01520bd0d451bef062492d528e2cfbd4df79e57903760c
    • Instruction ID: 303a39f5f6648b60148ce8e3f5b9612b45004cb4516b1155bd16a21eeb382c28
    • Opcode Fuzzy Hash: fdd4f9ec0516c3f0da01520bd0d451bef062492d528e2cfbd4df79e57903760c
    • Instruction Fuzzy Hash: 69E0D853B1EAD90FDBF1B32C18651543EA19B0D60070A04DFC088C71E3E5041C0C9381
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3194e0d8347f89d414920cecf767df669e576c55aecbedefed4e9c186a72f42b
    • Instruction ID: 25efa7924ee35c6ac95e43a3c6352a8b156f38e13a8af0f485b61c341940c769
    • Opcode Fuzzy Hash: 3194e0d8347f89d414920cecf767df669e576c55aecbedefed4e9c186a72f42b
    • Instruction Fuzzy Hash: B4E0E5B1F19A4E4FEFE9DB6488943A973A0FF18300F4801FAD809D7097DE34A9018B00
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6e0bf2b5a83d693909d0a4fbda8a6b5b1b9a547fe8d1f463df972ce00fd5cf6f
    • Instruction ID: 59d5412e37318a115266ae707926179e25f42694e0e366b056ce28b5aedea77a
    • Opcode Fuzzy Hash: 6e0bf2b5a83d693909d0a4fbda8a6b5b1b9a547fe8d1f463df972ce00fd5cf6f
    • Instruction Fuzzy Hash: 28C04C04E6640A01ED6833F90D5A2E519C06F98215FC50170EC08C2591E94E56D94252
    Memory Dump Source
    • Source File: 00000000.00000002.1784205137.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffd9b890000_Consignment Notification-#U00a0 705643291003.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3b6247ddcda693322dbfbfc9ab6a9e9772f9c4561d18bf54bf19f3521d82b7b6
    • Instruction ID: 8a74bcc35b9cd60df4a410c79ad0f7e347f464fe7951658ab997150f1f417353
    • Opcode Fuzzy Hash: 3b6247ddcda693322dbfbfc9ab6a9e9772f9c4561d18bf54bf19f3521d82b7b6
    • Instruction Fuzzy Hash: 34C08000F1E11B41FF7833F81D6A0F529C0AF4C219F4101B1D80E810F7FD0C15950151