Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 0166FCD1h |
2_2_0166FA10 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 0166EFDDh |
2_2_0166EDF0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 0166F967h |
2_2_0166EDF0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
2_2_0166E310 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBD869h |
2_2_05DBD5C0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DB1011h |
2_2_05DB0D60 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBCFB9h |
2_2_05DBCD10 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DB15D8h |
2_2_05DB1506 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DB0751h |
2_2_05DB04A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBC709h |
2_2_05DBC460 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBF6D1h |
2_2_05DBF428 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBF279h |
2_2_05DBEFD0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBBA01h |
2_2_05DBB758 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBE9C9h |
2_2_05DBE720 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBE119h |
2_2_05DBDE70 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DB15D8h |
2_2_05DB11C0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DB15D8h |
2_2_05DB11B1 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBD411h |
2_2_05DBD168 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DB0BB1h |
2_2_05DB0900 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBFB29h |
2_2_05DBF880 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBCB61h |
2_2_05DBC8B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DB02F1h |
2_2_05DB0040 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBC2B1h |
2_2_05DBC008 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBBE59h |
2_2_05DBBBB0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBEE21h |
2_2_05DBEB78 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBB5A9h |
2_2_05DBB300 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBE571h |
2_2_05DBE2C8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 05DBDCC1h |
2_2_05DBDA18 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E98945h |
2_2_06E98608 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E96171h |
2_2_06E95EC8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
2_2_06E936CE |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E95D19h |
2_2_06E95A70 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E958C1h |
2_2_06E95618 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E96E79h |
2_2_06E96BD0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
2_2_06E933A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
2_2_06E933B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E96A21h |
2_2_06E96778 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E965C9h |
2_2_06E96320 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E90B99h |
2_2_06E908F0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E97751h |
2_2_06E974A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E90741h |
2_2_06E90498 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E902E9h |
2_2_06E90040 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E972FAh |
2_2_06E97050 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E98459h |
2_2_06E981B0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E95441h |
2_2_06E95198 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E90FF1h |
2_2_06E90D48 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E98001h |
2_2_06E97D58 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 4x nop then jmp 06E97BA9h |
2_2_06E97900 |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.com |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.000000000338E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032B2000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://reallyfreegeoip.org |
Source: Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://scratchdreams.tk |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000034A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.carterandcone.coml |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers? |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designersG |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fonts.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.goodfont.co.kr |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sajatypeworks.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000000.00000002.1736293448.0000000005C60000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.sakkal.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sandoll.co.kr |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.tiro.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.typography.netD |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.urwpp.deDPlease |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.zhongyicts.com.cn |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/102.129.152.231 |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/102.129.152.231$ |
Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk/_send_.php?TS |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_0190D5BC |
0_2_0190D5BC |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_05300740 |
0_2_05300740 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_05305BE8 |
0_2_05305BE8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_05304A30 |
0_2_05304A30 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_058697D8 |
0_2_058697D8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_05869768 |
0_2_05869768 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094B7828 |
0_2_094B7828 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094BB168 |
0_2_094BB168 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094B7818 |
0_2_094B7818 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094BEA40 |
0_2_094BEA40 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094BEA50 |
0_2_094BEA50 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094B3AC8 |
0_2_094B3AC8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094B3AD8 |
0_2_094B3AD8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094BDDA8 |
0_2_094BDDA8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094BB158 |
0_2_094BB158 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094BE1D2 |
0_2_094BE1D2 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094BE1E0 |
0_2_094BE1E0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094B6240 |
0_2_094B6240 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094B622F |
0_2_094B622F |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 0_2_094BE618 |
0_2_094BE618 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_01666168 |
2_2_01666168 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166C1F0 |
2_2_0166C1F0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166B388 |
2_2_0166B388 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166C4D0 |
2_2_0166C4D0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166C7B2 |
2_2_0166C7B2 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_016668E0 |
2_2_016668E0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_016698B8 |
2_2_016698B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_01664B31 |
2_2_01664B31 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166FA10 |
2_2_0166FA10 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166CA92 |
2_2_0166CA92 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166EDF0 |
2_2_0166EDF0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166BF10 |
2_2_0166BF10 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_016621A8 |
2_2_016621A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166E300 |
2_2_0166E300 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166E310 |
2_2_0166E310 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166B552 |
2_2_0166B552 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_016635CA |
2_2_016635CA |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_0166BC08 |
2_2_0166BC08 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB3688 |
2_2_05DB3688 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB7BA8 |
2_2_05DB7BA8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB8278 |
2_2_05DB8278 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBD5C0 |
2_2_05DBD5C0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBD5B0 |
2_2_05DBD5B0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB0D50 |
2_2_05DB0D50 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB0D60 |
2_2_05DB0D60 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBCD10 |
2_2_05DBCD10 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBCD01 |
2_2_05DBCD01 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB0490 |
2_2_05DB0490 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB04A0 |
2_2_05DB04A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBC450 |
2_2_05DBC450 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBC460 |
2_2_05DBC460 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBF418 |
2_2_05DBF418 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBF428 |
2_2_05DBF428 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBEFD0 |
2_2_05DBEFD0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBEFC1 |
2_2_05DBEFC1 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBBFF8 |
2_2_05DBBFF8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBB758 |
2_2_05DBB758 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBB748 |
2_2_05DBB748 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBE710 |
2_2_05DBE710 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBE720 |
2_2_05DBE720 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB3678 |
2_2_05DB3678 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBDE70 |
2_2_05DBDE70 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBDE61 |
2_2_05DBDE61 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB71F4 |
2_2_05DB71F4 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBD158 |
2_2_05DBD158 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB817E |
2_2_05DB817E |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBD168 |
2_2_05DBD168 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB0900 |
2_2_05DB0900 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB08F1 |
2_2_05DB08F1 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBF880 |
2_2_05DBF880 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBC8B8 |
2_2_05DBC8B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBC8A8 |
2_2_05DBC8A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB0040 |
2_2_05DB0040 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBF871 |
2_2_05DBF871 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBC008 |
2_2_05DBC008 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB0007 |
2_2_05DB0007 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBBBB0 |
2_2_05DBBBB0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBBBA0 |
2_2_05DBBBA0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBEB78 |
2_2_05DBEB78 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBEB68 |
2_2_05DBEB68 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBB300 |
2_2_05DBB300 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBE2C8 |
2_2_05DBE2C8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBB2EF |
2_2_05DBB2EF |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBE2B8 |
2_2_05DBE2B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBDA18 |
2_2_05DBDA18 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DBDA09 |
2_2_05DBDA09 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_05DB7200 |
2_2_05DB7200 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9B6E8 |
2_2_06E9B6E8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9D670 |
2_2_06E9D670 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9AA58 |
2_2_06E9AA58 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E98608 |
2_2_06E98608 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9C388 |
2_2_06E9C388 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9B0A0 |
2_2_06E9B0A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E98C51 |
2_2_06E98C51 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9D028 |
2_2_06E9D028 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9A408 |
2_2_06E9A408 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9C9D8 |
2_2_06E9C9D8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E911A0 |
2_2_06E911A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9BD38 |
2_2_06E9BD38 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E95EC8 |
2_2_06E95EC8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9B6D8 |
2_2_06E9B6D8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9F2A0 |
2_2_06E9F2A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E95EB8 |
2_2_06E95EB8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9D661 |
2_2_06E9D661 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E95A60 |
2_2_06E95A60 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E95A70 |
2_2_06E95A70 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9F273 |
2_2_06E9F273 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9AA48 |
2_2_06E9AA48 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E95609 |
2_2_06E95609 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E98602 |
2_2_06E98602 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E95618 |
2_2_06E95618 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9A3FA |
2_2_06E9A3FA |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E96BC1 |
2_2_06E96BC1 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E96BD0 |
2_2_06E96BD0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E933A8 |
2_2_06E933A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E933B8 |
2_2_06E933B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9676A |
2_2_06E9676A |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E96778 |
2_2_06E96778 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9C378 |
2_2_06E9C378 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E96320 |
2_2_06E96320 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E93730 |
2_2_06E93730 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E96311 |
2_2_06E96311 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E908E0 |
2_2_06E908E0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E908F0 |
2_2_06E908F0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E978F0 |
2_2_06E978F0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E974A8 |
2_2_06E974A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E90488 |
2_2_06E90488 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E90498 |
2_2_06E90498 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9B090 |
2_2_06E9B090 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E97497 |
2_2_06E97497 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E97049 |
2_2_06E97049 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E90040 |
2_2_06E90040 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E97050 |
2_2_06E97050 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9D021 |
2_2_06E9D021 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E90027 |
2_2_06E90027 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E94430 |
2_2_06E94430 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E92807 |
2_2_06E92807 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E92818 |
2_2_06E92818 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9C9C8 |
2_2_06E9C9C8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E981A0 |
2_2_06E981A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E981B0 |
2_2_06E981B0 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9518A |
2_2_06E9518A |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E95198 |
2_2_06E95198 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E91191 |
2_2_06E91191 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E90D48 |
2_2_06E90D48 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E97D48 |
2_2_06E97D48 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E97D58 |
2_2_06E97D58 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E90D39 |
2_2_06E90D39 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9BD36 |
2_2_06E9BD36 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E97900 |
2_2_06E97900 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Code function: 2_2_06E9B6E8 |
2_2_06E9B6E8 |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: riched20.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: usp10.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: msls31.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, wrjYe5aToKpciW2VfH.cs |
High entropy of concatenated method names: 'EBMb7ScU39', 'bbCb9jO5m8', 'Te8bdedRkb', 'xy8dyaIS7A', 'brAdzEcot5', 'P0LbXIF522', 'GASb4gSYUS', 'OclbKY9f6o', 'Kihbe5ho3V', 'c1hbB5X595' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, NHGqHVrOEDDV6G4stpo.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JkDQ27KRds', 'M8wQr19Ul7', 'Bj2Qi9FMuP', 'bccQtwTJmW', 'lSyQLTZqsF', 'H0HQA4uiPF', 'BCGQMCHg8i' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, Y3KDGAssWSf8Mg3VOY.cs |
High entropy of concatenated method names: 'lKhwTiVeqm', 'z9nwDi6HkO', 'NmkwvjcSe4', 'kQHwjuxCLp', 'PWgwo2txew', 'V0bwC4vIa5', 'agWwVWXd6n', 'AnSwJ1QZiJ', 'wFwwWhLS5K', 'Y9twmxuOO6' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, iq0X4uXRxp1wMvJwdA.cs |
High entropy of concatenated method names: 'SNGcEmv4i9', 'nVXcyPJiWj', 'igaUXuWbKu', 'dAAU4842jJ', 'Fyycma37HW', 'SkRcIHSufC', 'Ws9caR8tTw', 'fsUc25PQiR', 'BZrcrKEi3j', 'mQ8ciNnv7J' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, cJTndOryL0Vy6OYifgE.cs |
High entropy of concatenated method names: 'gbnGZWPh9X', 'P98Gx2Kv8L', 'V7UG3H6Y7p', 'SOlGgoHx8l', 'mOiGppNCtd', 'XBHG6TyGlA', 'zYEGu8M0dj', 'Ur0GTKC7x2', 'csCGDtIOxN', 'AruGsJDCg5' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, BOwi3dP3N9vwTmlkGN.cs |
High entropy of concatenated method names: 'ToString', 'fhASmh7TUP', 'Lq1SjnwUFt', 'hx4SNJIZiN', 'CXoSoQiumQ', 'AbbSC9jBI2', 'H9LS89DZMp', 'AZkSVqeF5H', 'tfRSJZ9n1B', 'T7FSRx4JZ6' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, WJhonTxgluihCS0u13.cs |
High entropy of concatenated method names: 'Dispose', 'hX14OKJux8', 'CKVKj9gAOk', 'UP155T5uYC', 'BED4yEln8a', 'pr74zk0xwq', 'ProcessDialogKey', 'NnSKXnYhrq', 'NU8K4DJb3Y', 'wVuKKmVlXH' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, DpreMYHmaBqn0L0Z6p.cs |
High entropy of concatenated method names: 'ib5U7mJcCC', 'uoXUYvNHBn', 'BdFU9Q5PRd', 'POlUPI1G1R', 'hXgUdbEi2X', 'LVZUb9okNw', 'xcmUFBtBTj', 'JQvUnVvBie', 'yr4UhmZOux', 'OM7UkGJRfD' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, BpsKu276sb2hDS0pUd.cs |
High entropy of concatenated method names: 'Lxf4bsO19y', 'CUZ4FD5w9a', 'rMi4hG2pHr', 'rcf4kOJgPi', 'XoY4HdsqoB', 'x794SUMgUX', 'WyMSN97CT6o98OugbX', 'KFIKhSo01BmSEc8Xqr', 'mQO44BcXuh', 'gwp4eNyBtS' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, sBf3YAfjRhwJxnTqDI.cs |
High entropy of concatenated method names: 'iZv3IVRl9', 'hjugBkJ4Z', 'HHZ6tWnqj', 'TcHu4KQ29', 'VjCDfceo9', 'k4GsiK7U6', 'trrCZ8EyycApsMxAun', 'TVISJ2HWujYsW9hbQ4', 'fQuUljS6E', 'HvCQvXmjL' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, MTWMUYtX3CayUFNpHW.cs |
High entropy of concatenated method names: 'd7FdlDtrLd', 'meRdYgn7Eh', 'bDJdP5PJ6s', 'WowdbJZZco', 'vIvdFVNk4J', 'p8QPLALpex', 'evQPAdtBT3', 'Nl2PMtOlUt', 'kVGPEGyjY4', 'GpqPOM1A5Y' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, c0JmJwYlJqYd0MoW5e.cs |
High entropy of concatenated method names: 'yUMelRu6y8', 'qJMe7gPiPF', 'fMheYwycph', 'RQNe98Rmnx', 'PfYePdX3FA', 'dEAedaX4mZ', 'DHVeb8pGrC', 'ERAeFUxEqf', 'm6Xenw0VGQ', 'SdkehE6i0q' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, xIP7IyRvvhY4aieuRp.cs |
High entropy of concatenated method names: 'ixxchxGPlm', 'S2HckqEuHx', 'ToString', 'HlNc7ges59', 'kPtcYnuTkM', 'ddHc9hEnA2', 'SxbcPuc3bB', 'B8Pcdf67GO', 'Tm5cbVtfXX', 'YUtcFVcZA9' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, pUZuqtnGEFgUxGMRtR.cs |
High entropy of concatenated method names: 'UyAd1oZii3', 'UnXdZ6PPR8', 'QMDd3h47SW', 'j47dg37Sih', 'iXkd6hVqNt', 'nG8duMwKZO', 'fD8dDciuy0', 'LrCdsxut24', 'sQZBsFYjeGyvE6Ite9a', 'Xy8hNSYcKo1NsImgSfy' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, s4X4LuFEvtddWivXUm.cs |
High entropy of concatenated method names: 'ikr9gMUsHu', 'CLh96OwPIM', 'lKu9TXC1kF', 'kDv9DYCeSs', 'WT09HU0mLv', 'Wto9S17Sjx', 'Ly29c6veP0', 'exU9UVIqUE', 'gDN9GGZSxy', 'o3d9QmDNdS' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, KoHwCn0VAavRpE54m8.cs |
High entropy of concatenated method names: 'uCNbZYRVwf', 'IvSbx8ryjb', 'Frnb3DQPML', 'SPBbgRYCAm', 'l6Jbp5bHBp', 'Hagb60sbMx', 'hywbu0ogv5', 'QVebTbplEc', 'LKwbD2DEvE', 'xn2bs6G7dv' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, w3irh0dMbfWIaWLdDO.cs |
High entropy of concatenated method names: 'wyVHWWPX6s', 'TMnHIykAdB', 'Rd5H2ogOCS', 'PVtHrQrgZv', 'CFRHjhDNeO', 'xt8HN9VfVc', 'DL6HoHDokw', 'x97HC0A7WL', 'gbfH8MGKip', 'R4DHVqp2Lo' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, KUgFQ4WTCrKXUfgMW7.cs |
High entropy of concatenated method names: 'kQTPpnMGGn', 'fXxPu3yAfF', 'OuT9Nigg4u', 'dXB9oEKhTg', 'GE29CxjBeI', 'Jrh98YEdun', 'igi9VyBCKi', 'yu99J30pBl', 'csL9RUTTXU', 'uZf9WlCUa8' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, LkDy48btoEH441yn35.cs |
High entropy of concatenated method names: 'GVhG4XPKcd', 'nC0GeyxxJY', 'mn9GBp0rSF', 'RQUG7whgj1', 'mO9GYB0DdR', 'MieGPI8ImV', 'v7pGdJlrTy', 'SvuUMro70m', 'WVCUEncf10', 'tS9UOFs5DM' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, WDV5NXzgCgmgNMVA8V.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xMLGwUZHZ6', 'MnkGHDeGWo', 'c1rGSEpvi6', 'T9WGckULIc', 'zgTGUp9F6X', 'EoEGGx5P2a', 'pSxGQTNYu8' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, ftWhWilFvs26U0HpnX.cs |
High entropy of concatenated method names: 'gOwUv6Q1wo', 'UOvUj61hAC', 'p6CUNPcgji', 'gGjUoZu73Q', 'KkWU26mTB3', 'b7jUCRPWam', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, mpRvKO3JoGJC6tKJYH.cs |
High entropy of concatenated method names: 'YHQY2Hy7uo', 'oDlYr4GyHe', 'TZFYi7p5BN', 'GDSYtIcSl1', 'GthYLBG39H', 'cOoYAaNEa4', 'egsYMT8LVo', 'CIrYEBdp2I', 'psbYO5YK91', 'xheYyrfKik' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, wrjYe5aToKpciW2VfH.cs |
High entropy of concatenated method names: 'EBMb7ScU39', 'bbCb9jO5m8', 'Te8bdedRkb', 'xy8dyaIS7A', 'brAdzEcot5', 'P0LbXIF522', 'GASb4gSYUS', 'OclbKY9f6o', 'Kihbe5ho3V', 'c1hbB5X595' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, NHGqHVrOEDDV6G4stpo.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JkDQ27KRds', 'M8wQr19Ul7', 'Bj2Qi9FMuP', 'bccQtwTJmW', 'lSyQLTZqsF', 'H0HQA4uiPF', 'BCGQMCHg8i' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, Y3KDGAssWSf8Mg3VOY.cs |
High entropy of concatenated method names: 'lKhwTiVeqm', 'z9nwDi6HkO', 'NmkwvjcSe4', 'kQHwjuxCLp', 'PWgwo2txew', 'V0bwC4vIa5', 'agWwVWXd6n', 'AnSwJ1QZiJ', 'wFwwWhLS5K', 'Y9twmxuOO6' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, iq0X4uXRxp1wMvJwdA.cs |
High entropy of concatenated method names: 'SNGcEmv4i9', 'nVXcyPJiWj', 'igaUXuWbKu', 'dAAU4842jJ', 'Fyycma37HW', 'SkRcIHSufC', 'Ws9caR8tTw', 'fsUc25PQiR', 'BZrcrKEi3j', 'mQ8ciNnv7J' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, cJTndOryL0Vy6OYifgE.cs |
High entropy of concatenated method names: 'gbnGZWPh9X', 'P98Gx2Kv8L', 'V7UG3H6Y7p', 'SOlGgoHx8l', 'mOiGppNCtd', 'XBHG6TyGlA', 'zYEGu8M0dj', 'Ur0GTKC7x2', 'csCGDtIOxN', 'AruGsJDCg5' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, BOwi3dP3N9vwTmlkGN.cs |
High entropy of concatenated method names: 'ToString', 'fhASmh7TUP', 'Lq1SjnwUFt', 'hx4SNJIZiN', 'CXoSoQiumQ', 'AbbSC9jBI2', 'H9LS89DZMp', 'AZkSVqeF5H', 'tfRSJZ9n1B', 'T7FSRx4JZ6' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, WJhonTxgluihCS0u13.cs |
High entropy of concatenated method names: 'Dispose', 'hX14OKJux8', 'CKVKj9gAOk', 'UP155T5uYC', 'BED4yEln8a', 'pr74zk0xwq', 'ProcessDialogKey', 'NnSKXnYhrq', 'NU8K4DJb3Y', 'wVuKKmVlXH' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, DpreMYHmaBqn0L0Z6p.cs |
High entropy of concatenated method names: 'ib5U7mJcCC', 'uoXUYvNHBn', 'BdFU9Q5PRd', 'POlUPI1G1R', 'hXgUdbEi2X', 'LVZUb9okNw', 'xcmUFBtBTj', 'JQvUnVvBie', 'yr4UhmZOux', 'OM7UkGJRfD' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, BpsKu276sb2hDS0pUd.cs |
High entropy of concatenated method names: 'Lxf4bsO19y', 'CUZ4FD5w9a', 'rMi4hG2pHr', 'rcf4kOJgPi', 'XoY4HdsqoB', 'x794SUMgUX', 'WyMSN97CT6o98OugbX', 'KFIKhSo01BmSEc8Xqr', 'mQO44BcXuh', 'gwp4eNyBtS' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, sBf3YAfjRhwJxnTqDI.cs |
High entropy of concatenated method names: 'iZv3IVRl9', 'hjugBkJ4Z', 'HHZ6tWnqj', 'TcHu4KQ29', 'VjCDfceo9', 'k4GsiK7U6', 'trrCZ8EyycApsMxAun', 'TVISJ2HWujYsW9hbQ4', 'fQuUljS6E', 'HvCQvXmjL' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, MTWMUYtX3CayUFNpHW.cs |
High entropy of concatenated method names: 'd7FdlDtrLd', 'meRdYgn7Eh', 'bDJdP5PJ6s', 'WowdbJZZco', 'vIvdFVNk4J', 'p8QPLALpex', 'evQPAdtBT3', 'Nl2PMtOlUt', 'kVGPEGyjY4', 'GpqPOM1A5Y' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, c0JmJwYlJqYd0MoW5e.cs |
High entropy of concatenated method names: 'yUMelRu6y8', 'qJMe7gPiPF', 'fMheYwycph', 'RQNe98Rmnx', 'PfYePdX3FA', 'dEAedaX4mZ', 'DHVeb8pGrC', 'ERAeFUxEqf', 'm6Xenw0VGQ', 'SdkehE6i0q' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, xIP7IyRvvhY4aieuRp.cs |
High entropy of concatenated method names: 'ixxchxGPlm', 'S2HckqEuHx', 'ToString', 'HlNc7ges59', 'kPtcYnuTkM', 'ddHc9hEnA2', 'SxbcPuc3bB', 'B8Pcdf67GO', 'Tm5cbVtfXX', 'YUtcFVcZA9' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, pUZuqtnGEFgUxGMRtR.cs |
High entropy of concatenated method names: 'UyAd1oZii3', 'UnXdZ6PPR8', 'QMDd3h47SW', 'j47dg37Sih', 'iXkd6hVqNt', 'nG8duMwKZO', 'fD8dDciuy0', 'LrCdsxut24', 'sQZBsFYjeGyvE6Ite9a', 'Xy8hNSYcKo1NsImgSfy' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, s4X4LuFEvtddWivXUm.cs |
High entropy of concatenated method names: 'ikr9gMUsHu', 'CLh96OwPIM', 'lKu9TXC1kF', 'kDv9DYCeSs', 'WT09HU0mLv', 'Wto9S17Sjx', 'Ly29c6veP0', 'exU9UVIqUE', 'gDN9GGZSxy', 'o3d9QmDNdS' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, KoHwCn0VAavRpE54m8.cs |
High entropy of concatenated method names: 'uCNbZYRVwf', 'IvSbx8ryjb', 'Frnb3DQPML', 'SPBbgRYCAm', 'l6Jbp5bHBp', 'Hagb60sbMx', 'hywbu0ogv5', 'QVebTbplEc', 'LKwbD2DEvE', 'xn2bs6G7dv' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, w3irh0dMbfWIaWLdDO.cs |
High entropy of concatenated method names: 'wyVHWWPX6s', 'TMnHIykAdB', 'Rd5H2ogOCS', 'PVtHrQrgZv', 'CFRHjhDNeO', 'xt8HN9VfVc', 'DL6HoHDokw', 'x97HC0A7WL', 'gbfH8MGKip', 'R4DHVqp2Lo' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, KUgFQ4WTCrKXUfgMW7.cs |
High entropy of concatenated method names: 'kQTPpnMGGn', 'fXxPu3yAfF', 'OuT9Nigg4u', 'dXB9oEKhTg', 'GE29CxjBeI', 'Jrh98YEdun', 'igi9VyBCKi', 'yu99J30pBl', 'csL9RUTTXU', 'uZf9WlCUa8' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, LkDy48btoEH441yn35.cs |
High entropy of concatenated method names: 'GVhG4XPKcd', 'nC0GeyxxJY', 'mn9GBp0rSF', 'RQUG7whgj1', 'mO9GYB0DdR', 'MieGPI8ImV', 'v7pGdJlrTy', 'SvuUMro70m', 'WVCUEncf10', 'tS9UOFs5DM' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, WDV5NXzgCgmgNMVA8V.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xMLGwUZHZ6', 'MnkGHDeGWo', 'c1rGSEpvi6', 'T9WGckULIc', 'zgTGUp9F6X', 'EoEGGx5P2a', 'pSxGQTNYu8' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, ftWhWilFvs26U0HpnX.cs |
High entropy of concatenated method names: 'gOwUv6Q1wo', 'UOvUj61hAC', 'p6CUNPcgji', 'gGjUoZu73Q', 'KkWU26mTB3', 'b7jUCRPWam', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, mpRvKO3JoGJC6tKJYH.cs |
High entropy of concatenated method names: 'YHQY2Hy7uo', 'oDlYr4GyHe', 'TZFYi7p5BN', 'GDSYtIcSl1', 'GthYLBG39H', 'cOoYAaNEa4', 'egsYMT8LVo', 'CIrYEBdp2I', 'psbYO5YK91', 'xheYyrfKik' |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599890 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599780 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599671 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599562 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599453 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599343 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599234 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599124 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599015 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598906 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598796 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598687 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598578 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598468 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598359 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598250 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598140 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598031 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597921 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597812 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597703 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597593 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597484 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597373 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597265 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597156 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597046 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596937 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596715 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596609 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596500 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596390 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596281 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596171 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596062 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595951 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595843 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595734 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595623 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595515 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595406 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595296 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595187 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595078 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 594968 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 594859 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 594750 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 594640 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6628 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -23058430092136925s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -600000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -599890s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 7012 |
Thread sleep count: 8718 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 7012 |
Thread sleep count: 1145 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -599780s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -599671s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -599562s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -599453s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -599343s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -599234s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -599124s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -599015s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -598906s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -598796s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -598687s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -598578s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -598468s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -598359s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -598250s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -598140s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -598031s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -597921s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -597812s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -597703s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -597593s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -597484s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -597373s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -597265s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -597156s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -597046s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -596937s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -596828s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -596715s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -596609s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -596500s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -596390s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -596281s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -596171s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -596062s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -595951s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -595843s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -595734s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -595623s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -595515s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -595406s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -595296s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -595187s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -595078s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -594968s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -594859s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -594750s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 |
Thread sleep time: -594640s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599890 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599780 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599671 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599562 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599453 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599343 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599234 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599124 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 599015 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598906 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598796 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598687 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598578 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598468 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598359 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598250 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598140 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 598031 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597921 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597812 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597703 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597593 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597484 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597373 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597265 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597156 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 597046 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596937 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596715 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596609 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596500 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596390 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596281 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596171 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 596062 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595951 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595843 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595734 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595623 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595515 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595406 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595296 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595187 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 595078 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 594968 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 594859 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 594750 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Thread delayed: delay time: 594640 |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Users\user\Desktop\Purchase Order.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Users\user\Desktop\Purchase Order.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |