Windows Analysis Report
AWB NO - 09804803510.exe

Overview

General Information

Sample name: AWB NO - 09804803510.exe
Analysis ID: 1670873
MD5: 39a84c59e90240d037677f13a437cac1
SHA1: 8dca8310f7d5ffa031e0924f704147aac944025c
SHA256: f0ee7d7d77c4cdefd09ea4b525a36027afde19a30d08675e1861c75699723bb7
Tags: exe, user-sda

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Allocates memory with a write watch (potentially for evading sandboxes)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Potential time zone aware malware
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
  • System is w10x64
  • AWB NO - 09804803510.exe (PID: 7644 cmdline: "C:\Users\user\Desktop\AWB NO - 09804803510.exe" dumpChromeCache MD5: 39A84C59E90240D037677F13A437CAC1)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: AWB NO - 09804803510.exe | ReversingLabs: Detection: 19%
Source: AWB NO - 09804803510.exe | Virustotal: Detection: 30%
Source: AWB NO - 09804803510.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Code function: 4x nop then jmp 00007FFC3DE34610h | 0_2_00007FFC3DE33E5E
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Code function: 4x nop then jmp 00007FFC3DE34610h | 0_2_00007FFC3DE342C3
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Code function: 0_2_00007FFC3DE32408 | 0_2_00007FFC3DE32408
Source: AWB NO - 09804803510.exe | Static PE information: No import functions for PE file found
Source: AWB NO - 09804803510.exe, 00000000.00000000.1197188957.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamekFxG.exe0 vs AWB NO - 09804803510.exe
Source: AWB NO - 09804803510.exe | Binary or memory string: OriginalFilenamekFxG.exe0 vs AWB NO - 09804803510.exe
Source: AWB NO - 09804803510.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal48.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Mutant created: NULL
Source: AWB NO - 09804803510.exe | Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: AWB NO - 09804803510.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: AWB NO - 09804803510.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Code function: 0_2_00007FFC3DE33E5E push edi; retf 0_2_00007FFC3DE34231
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Code function: 0_2_00007FFC3DE341F9 push edi; retf 0_2_00007FFC3DE34231
Source: AWB NO - 09804803510.exe | Static PE information: section name: .text entropy: 7.703615388206593
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Memory allocated: 18C0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Memory allocated: 1C080000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | System information queried: CurrentTimeZoneInformation
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Memory allocated: page read and write | page guard
Source: AWB NO - 09804803510.exe, 00000000.00000002.1234260106.0000000004081000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: AWB NO - 09804803510.exe | Binary or memory string: Shell_TrayWnd;http://www.netflix.com/browse
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Queries volume information: C:\Users\user\Desktop\AWB NO - 09804803510.exe VolumeInformation
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Software Packing | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
[Behavior graph. ID: 1670873; Sample: AWB NO - 09804803510.exe; Start date: 22/04/2025; Architecture: WINDOWS; Score: 48. Nodes: signature "Multi AV Scanner detection for submitted file"; process "AWB NO - 09804803510.exe" (started).]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| AWB NO - 09804803510.exe | 19% | ReversingLabs | |
| AWB NO - 09804803510.exe | 31% | Virustotal | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1670873
Start date and time: 2025-04-22 09:01:41 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 16s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Power Change
Sample name: AWB NO - 09804803510.exe
Detection: MAL
Classification: mal48.winEXE@1/0@0/0
EGA Information: Failed
HCA Information:
  • Successful, ratio: 98%
  • Number of executed functions: 48
  • Number of non-executed functions: 3
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
  • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): svchost.exe
  • Execution Graph export aborted for target AWB NO - 09804803510.exe, PID 7644 because it is empty
No simulations
No context
No created / dropped files found
File type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.701728451446367
TrID:
  • Win64 Executable GUI Net Framework (217006/5) 49.88%
  • Win64 Executable GUI (202006/5) 46.43%
  • Win64 Executable (generic) (12005/4) 2.76%
  • Generic Win/DOS Executable (2004/3) 0.46%
  • DOS Executable Generic (2002/1) 0.46%
File name: AWB NO - 09804803510.exe
File size: 874'496 bytes
MD5: 39a84c59e90240d037677f13a437cac1
SHA1: 8dca8310f7d5ffa031e0924f704147aac944025c
SHA256: f0ee7d7d77c4cdefd09ea4b525a36027afde19a30d08675e1861c75699723bb7
SHA512: 7568c231997d52f508131245d72addfd10b77820e23badf863ff6420cb98392b62e1a531ff1fda983c63b9df14f6340fa4297f9eee27c88bae555a3bf52929bd
SSDEEP: 24576:wd6fTDxSso0POSJ4qzM/LY6+msayjgA8UO0euWt:wYbDxSJAOCAarjgPj7
TLSH: FF05F1C03B243305DD39967085A9DDB462662E74B010F9E75ED937A73BEA212AE1DF03
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......h.........."...0..8............... .....@..... ....................................@...@......@............... .....
Icon Hash: 4d4d0c8d9b0c4d4c
Entrypoint: 0x140000000
Entrypoint Section:
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x680707CA [Tue Apr 22 03:06:50 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash:
Instruction
  dec ebp
  pop edx
  nop
  add byte ptr [ebx], al
  add byte ptr [eax], al
  add byte ptr [eax+eax], al
  add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd6000 | 0x1db4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xd3650 | 0xd3800 | 61275a59b9e210837fe5ebdaef3c3ae6 | False | 0.8960988290484634 | data | 7.703615388206593 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xd6000 | 0x1db4 | 0x1e00 | b19e25f281191c1386922932208ef17f | False | 0.8151041666666666 | data | 7.264468092286236 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd6100 | 0x175f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9094099949857931 |
| RT_GROUP_ICON | 0xd7870 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xd7894 | 0x320 | data | | | 0.5075 |
| RT_MANIFEST | 0xd7bc4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
| Description | Data |
|---|---|
| Translation | 0x0000 0x04b0 |
| Comments | |
| CompanyName | |
| FileDescription | |
| FileVersion | 1.0.0.0 |
| InternalName | kFxG.exe |
| LegalCopyright | |
| LegalTrademarks | |
| OriginalFilename | kFxG.exe |
| ProductName | |
| ProductVersion | 1.0.0.0 |
| Assembly Version | 1.0.0.0 |

No network behavior found

Target ID: 0
Start time: 03:02:42
Start date: 22/04/2025
Path: C:\Users\user\Desktop\AWB NO - 09804803510.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\AWB NO - 09804803510.exe" dumpChromeCache
Imagebase: 0xfc0000
File size: 874'496 bytes
MD5 hash: 39A84C59E90240D037677F13A437CAC1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Executed Functions

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 2$@
                                                  • API String ID: 0-1603946714
                                                  • Opcode ID: 936c3745cd5647880dbf28a5a7827cbf6e933a1b17a7f5093aca49fe2d29ea12
                                                  • Instruction ID: 3b336db77ac7061d5b00b346414cd48654a881a2371600ce80493b2781689880
                                                  • Opcode Fuzzy Hash: 936c3745cd5647880dbf28a5a7827cbf6e933a1b17a7f5093aca49fe2d29ea12
                                                  • Instruction Fuzzy Hash: 90221A31D0962D8FDB65DF68C885BE8BBB1EF58341F5001F9D40DA3292EA35AA85CF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0d4d6f4bf0f7a3173522e7eb26032f68bd2df3fe10b8a32acf2ae0528b18511d
                                                  • Instruction ID: 5c16d41cb7b1cfa0634df36b45e35042568ccdd1dd9031c3fbece51e9bd629b8
                                                  • Opcode Fuzzy Hash: 0d4d6f4bf0f7a3173522e7eb26032f68bd2df3fe10b8a32acf2ae0528b18511d
                                                  • Instruction Fuzzy Hash: F3629334A05A1D8FDB98EF18C494BA977A2FB69301F5444BDD00ED7396CF76A982CB10
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: S[
                                                  • API String ID: 0-2300449399
                                                  • Opcode ID: ac89cbb6351fefa0859e8193e06817c992ff196b82695c436491e84359089d8e
                                                  • Instruction ID: e603367317215197632b5c98b6a2a990524d03031b91c18a2df7289195caf935
                                                  • Opcode Fuzzy Hash: ac89cbb6351fefa0859e8193e06817c992ff196b82695c436491e84359089d8e
                                                  • Instruction Fuzzy Hash: C4E012B090825C8FC719DBA4CD466ADBB72FF01304F40419DD44A67351C7345841DF51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0a56e1f9d55754df89575a57b438dd026c1940ac82c7b92bf34f777f292b49a2
                                                  • Instruction ID: 3ff8b1f60f8651d692f7227fddbaa3e72e0eef7c42d1e504e9c09f80cebe46ad
                                                  • Opcode Fuzzy Hash: 0a56e1f9d55754df89575a57b438dd026c1940ac82c7b92bf34f777f292b49a2
                                                  • Instruction Fuzzy Hash: A8B12532E0DA9E4FEB55DB6888152B97FE1FF95350F1401BAD049E3392EE289C01C366
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf690deed9eaf8b858bcc61cd4678f842c6b3785a6eabb370d864bbc02127e13
                                                  • Instruction ID: 42bff1c9bf962712d5b7a264d5cb570cb2223f9f27132e558082d907e0b85636
                                                  • Opcode Fuzzy Hash: bf690deed9eaf8b858bcc61cd4678f842c6b3785a6eabb370d864bbc02127e13
                                                  • Instruction Fuzzy Hash: B1F1C570D08A6D8FDBA4EF58C895BE8BBB1FF58301F5041A9D04DE3292DA356991CF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5c20f6df2226271f0562bdcd75b9c89d0aed7f2198f3ccb4184cbae4a729cc77
                                                  • Instruction ID: 1a76d955fe108bf4202c3bcf60ac4f770db6814ced322149c5521f9038decbbe
                                                  • Opcode Fuzzy Hash: 5c20f6df2226271f0562bdcd75b9c89d0aed7f2198f3ccb4184cbae4a729cc77
                                                  • Instruction Fuzzy Hash: 57C19C74A1891D8FCB98EF1CC894BA9B7E1FF69301F5142A8A51DD7266CA30ED81CB44
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce67133dfd2df8883251999ffc5d2ca346f9554b6d2e303f948997bfb376b0e6
                                                  • Instruction ID: be73769f56891db76edb7266d627ee354d344040a09832125234707cf88772d9
                                                  • Opcode Fuzzy Hash: ce67133dfd2df8883251999ffc5d2ca346f9554b6d2e303f948997bfb376b0e6
                                                  • Instruction Fuzzy Hash: 9BA1D430A04A2D8FDBA9EF18C895BA9B7B1FB58301F5005F9900DE3291DF75AA81CF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 52ef15a1940ce0a2887c10083580a3acac446fcd6cffb1d8724f15523ab077a5
                                                  • Instruction ID: 63a0de5066b90f8e99d7fc58e955026ebf450492f02f5f6552ee9e1b107b6e49
                                                  • Opcode Fuzzy Hash: 52ef15a1940ce0a2887c10083580a3acac446fcd6cffb1d8724f15523ab077a5
                                                  • Instruction Fuzzy Hash: 4E91D970D08A6D8FDBA9DB188895BA8BBF5FB68701F4441E9D00DE3291DE356E81CF14
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 722e3e6ca3f1c180e03b496113a20371d1ecc201d995930cd8e97f88001124b0
                                                  • Instruction ID: accc2a7c91c762ba11fcb2fb5e150762abd4cbdacd922167b9d8586b94d1dfde
                                                  • Opcode Fuzzy Hash: 722e3e6ca3f1c180e03b496113a20371d1ecc201d995930cd8e97f88001124b0
                                                  • Instruction Fuzzy Hash: 0B518F71A1895F4FDB98EE58C8846F9B7B1FF64351F4042F6904DC32A6EE346A81CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a4d4e3a4ee6638f40fadabb92278a567da55eecae7df3dcc667fa0b6dc743d7f
                                                  • Instruction ID: fd1f32e46ab8ea0c9838b93e21a0e3d681db571de1b1381f39c6c5778c62decf
                                                  • Opcode Fuzzy Hash: a4d4e3a4ee6638f40fadabb92278a567da55eecae7df3dcc667fa0b6dc743d7f
                                                  • Instruction Fuzzy Hash: 0A412E7191896E8FEBA4EA58C8457F9B7B1FB98340F4002B6D44DE3255EE346E81CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f78d56e8449de482c9e893fddcea9a3d7d563466d76e6380d8afebc1f5bcf47e
                                                  • Instruction ID: 4ad80903275ff7ef5554d14fded427b71381c6681f50e790f9742d9dea2139ef
                                                  • Opcode Fuzzy Hash: f78d56e8449de482c9e893fddcea9a3d7d563466d76e6380d8afebc1f5bcf47e
                                                  • Instruction Fuzzy Hash: B3F0BC7090025E8FCB9CDF45C8A1AEEB7B1FB49300F1081AA851AA7395CB34A952CF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dac8e2417a9847b4c255ce746d1b47e31d399af9d2a83b8a51f88b0cda3ab4a3
                                                  • Instruction ID: 9fc06ec92acdd107ca9d11eeff939bc52262a084aeb20a65e02dd98054ecc287
                                                  • Opcode Fuzzy Hash: dac8e2417a9847b4c255ce746d1b47e31d399af9d2a83b8a51f88b0cda3ab4a3
                                                  • Instruction Fuzzy Hash: 84E0657081E53E8FDB59CBA585001BCBAA1BF543C0BB0447DC40A5A380FB3A5911EE74
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0dfed128b37d39f2faa450f703e2c55f14cb87d14f5d87d9da99df560e3c810b
                                                  • Instruction ID: 550091530b08c6525a347eba00bf89fe84c044acfb3a3fd8f8f5c3fe17218e51
                                                  • Opcode Fuzzy Hash: 0dfed128b37d39f2faa450f703e2c55f14cb87d14f5d87d9da99df560e3c810b
                                                  • Instruction Fuzzy Hash: DCE04F7086425E9AE714AF649D452EA7BA4FF04308F400576E41992192EA34A624CA51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 19f29123ba9413098ddb6b72639a8fbd327c86238efc789f7efd550d0842e08d
                                                  • Instruction ID: cb92bdcfc07f0928c394cbaaf317ea5d206e9e62c25be88bbd7d6fb5afc3d14a
                                                  • Opcode Fuzzy Hash: 19f29123ba9413098ddb6b72639a8fbd327c86238efc789f7efd550d0842e08d
                                                  • Instruction Fuzzy Hash: 75E02CA0CAD29E4AFB68ABA840892B47EE0EF06348F400879D08980283FD241498C2A0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 06a78d1b21311d1d9a25a7544e6bbd51e777934d75d0f2759857b9f82145249e
                                                  • Instruction ID: 33b61bc498e1018f84915977079530e7cf521bfbfc6331e646c5e3f8af2ffe6b
                                                  • Opcode Fuzzy Hash: 06a78d1b21311d1d9a25a7544e6bbd51e777934d75d0f2759857b9f82145249e
                                                  • Instruction Fuzzy Hash: 16D0123154D68C8FCB11DE80DC565F93BB1AF59354F4611A2E41D87252DA29E810D791
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5bdf98b5fa7f24cbad5c89a93da79f81b41d329a6067dc0aadc24a815d431712
                                                  • Instruction ID: aea6242b328cfe01e5bc4b735af25aa4c3277f9a3e81543a3389ff6ac7ea9b75
                                                  • Opcode Fuzzy Hash: 5bdf98b5fa7f24cbad5c89a93da79f81b41d329a6067dc0aadc24a815d431712
                                                  • Instruction Fuzzy Hash: 4FD02B31C1D15DCAEF55EBB488062F87FA0FF04384F8405BAE40C81182FE745118C651
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d0303ad10769a8141834addba069c49cd6ee81b75a3eb386ce30bd0c79d8e108
                                                  • Instruction ID: ae84584430286146c2121590493c17a77ecccea97b3e449946040fd2d27b54de
                                                  • Opcode Fuzzy Hash: d0303ad10769a8141834addba069c49cd6ee81b75a3eb386ce30bd0c79d8e108
                                                  • Instruction Fuzzy Hash: FDE0AEB0D0822D8FDB68DF58C8906EDB771BF55304F1082A9886AA7385DA75AA81CF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 15cb0a68eae924f5a2ce91f903aee303444cf97407e1a942f6342b1b9362aa3c
                                                  • Instruction ID: decfee63ae979cac1430632452b7619ab0782cebbd5cad46ebdde339c4a8951f
                                                  • Opcode Fuzzy Hash: 15cb0a68eae924f5a2ce91f903aee303444cf97407e1a942f6342b1b9362aa3c
                                                  • Instruction Fuzzy Hash: 76D0C931D0540C9ADB50EF98E8415FCBBB4EF49211F0011B6D40DE3192EF312A51C651
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 27c49c2fc427866d55b58d861df9703a4775a5d0f66f87f8bbc1aafef2205757
                                                  • Instruction ID: 54aa4a6a231701676f9f1bca7a8c1da84e94a11509ddc6dfa01582330a37c3f8
                                                  • Opcode Fuzzy Hash: 27c49c2fc427866d55b58d861df9703a4775a5d0f66f87f8bbc1aafef2205757
                                                  • Instruction Fuzzy Hash: 0BE0B67092825E8BCB44EF95C8818FEBBB1BF48341F604834D416A3395DA38A900DB70
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bca2d7388d21f40cb1e6f8e0577397121f5340e1570c8de29961d2d3320eb476
                                                  • Instruction ID: 4cb5054c8291fd1407c95bbe13a6df25c2b9d90421f43230e97c090d0dcb3602
                                                  • Opcode Fuzzy Hash: bca2d7388d21f40cb1e6f8e0577397121f5340e1570c8de29961d2d3320eb476
                                                  • Instruction Fuzzy Hash: 40E01230C1451E9EDB95DBA9C5403ECBAB1BF98341F8084B9D04EF2255DF345940CF60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d4b586d88215bb1b275899f7dc1c39e8116adb8ffe63bd14e04dbc9989b711eb
                                                  • Instruction ID: 49c26e592e165d0ef11610cb153c75736cc70fdb192a1d533a769fe45d3452cb
                                                  • Opcode Fuzzy Hash: d4b586d88215bb1b275899f7dc1c39e8116adb8ffe63bd14e04dbc9989b711eb
                                                  • Instruction Fuzzy Hash: 35D09E3050561D8FCF98DE64C5405A87761AF54384B901469D01A9A285D7359811DF24

                                                  Non-executed Functions

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1236932287.00007FFC3DE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffc3de30000_AWB NO - 09804803510.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 2
                                                  • API String ID: 0-450215437
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $=$0$=$@$=$P$=$`$=$p$=$)=
                                                  • API String ID: 0-3362500309