Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 0166FCD1h | 2_2_0166FA10 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 0166EFDDh | 2_2_0166EDF0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 0166F967h | 2_2_0166EDF0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 2_2_0166E310 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBD869h | 2_2_05DBD5C0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DB1011h | 2_2_05DB0D60 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBCFB9h | 2_2_05DBCD10 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DB15D8h | 2_2_05DB1506 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DB0751h | 2_2_05DB04A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBC709h | 2_2_05DBC460 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBF6D1h | 2_2_05DBF428 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBF279h | 2_2_05DBEFD0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBBA01h | 2_2_05DBB758 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBE9C9h | 2_2_05DBE720 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBE119h | 2_2_05DBDE70 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DB15D8h | 2_2_05DB11C0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DB15D8h | 2_2_05DB11B1 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBD411h | 2_2_05DBD168 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DB0BB1h | 2_2_05DB0900 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBFB29h | 2_2_05DBF880 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBCB61h | 2_2_05DBC8B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DB02F1h | 2_2_05DB0040 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBC2B1h | 2_2_05DBC008 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBBE59h | 2_2_05DBBBB0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBEE21h | 2_2_05DBEB78 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBB5A9h | 2_2_05DBB300 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBE571h | 2_2_05DBE2C8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 05DBDCC1h | 2_2_05DBDA18 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E98945h | 2_2_06E98608 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E96171h | 2_2_06E95EC8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 2_2_06E936CE |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E95D19h | 2_2_06E95A70 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E958C1h | 2_2_06E95618 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E96E79h | 2_2_06E96BD0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 2_2_06E933A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 2_2_06E933B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E96A21h | 2_2_06E96778 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E965C9h | 2_2_06E96320 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E90B99h | 2_2_06E908F0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E97751h | 2_2_06E974A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E90741h | 2_2_06E90498 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E902E9h | 2_2_06E90040 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E972FAh | 2_2_06E97050 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E98459h | 2_2_06E981B0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E95441h | 2_2_06E95198 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E90FF1h | 2_2_06E90D48 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E98001h | 2_2_06E97D58 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 4x nop then jmp 06E97BA9h | 2_2_06E97900 |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.000000000338E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032B2000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org |
Source: Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/ |
Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org |
Source: Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://scratchdreams.tk |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000034A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000000.00000002.1736293448.0000000005C60000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org |
Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/102.129.152.231 |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/102.129.152.231$ |
Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://scratchdreams.tk |
Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://scratchdreams.tk/_send_.php?TS |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_0190D5BC | 0_2_0190D5BC |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_05300740 | 0_2_05300740 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_05305BE8 | 0_2_05305BE8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_05304A30 | 0_2_05304A30 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_058697D8 | 0_2_058697D8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_05869768 | 0_2_05869768 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094B7828 | 0_2_094B7828 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094BB168 | 0_2_094BB168 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094B7818 | 0_2_094B7818 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094BEA40 | 0_2_094BEA40 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094BEA50 | 0_2_094BEA50 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094B3AC8 | 0_2_094B3AC8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094B3AD8 | 0_2_094B3AD8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094BDDA8 | 0_2_094BDDA8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094BB158 | 0_2_094BB158 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094BE1D2 | 0_2_094BE1D2 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094BE1E0 | 0_2_094BE1E0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094B6240 | 0_2_094B6240 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094B622F | 0_2_094B622F |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 0_2_094BE618 | 0_2_094BE618 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_01666168 | 2_2_01666168 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166C1F0 | 2_2_0166C1F0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166B388 | 2_2_0166B388 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166C4D0 | 2_2_0166C4D0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166C7B2 | 2_2_0166C7B2 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_016668E0 | 2_2_016668E0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_016698B8 | 2_2_016698B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_01664B31 | 2_2_01664B31 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166FA10 | 2_2_0166FA10 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166CA92 | 2_2_0166CA92 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166EDF0 | 2_2_0166EDF0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166BF10 | 2_2_0166BF10 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_016621A8 | 2_2_016621A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166E300 | 2_2_0166E300 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166E310 | 2_2_0166E310 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166B552 | 2_2_0166B552 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_016635CA | 2_2_016635CA |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_0166BC08 | 2_2_0166BC08 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB3688 | 2_2_05DB3688 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB7BA8 | 2_2_05DB7BA8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB8278 | 2_2_05DB8278 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBD5C0 | 2_2_05DBD5C0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBD5B0 | 2_2_05DBD5B0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB0D50 | 2_2_05DB0D50 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB0D60 | 2_2_05DB0D60 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBCD10 | 2_2_05DBCD10 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBCD01 | 2_2_05DBCD01 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB0490 | 2_2_05DB0490 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB04A0 | 2_2_05DB04A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBC450 | 2_2_05DBC450 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBC460 | 2_2_05DBC460 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBF418 | 2_2_05DBF418 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBF428 | 2_2_05DBF428 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBEFD0 | 2_2_05DBEFD0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBEFC1 | 2_2_05DBEFC1 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBBFF8 | 2_2_05DBBFF8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBB758 | 2_2_05DBB758 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBB748 | 2_2_05DBB748 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBE710 | 2_2_05DBE710 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBE720 | 2_2_05DBE720 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB3678 | 2_2_05DB3678 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBDE70 | 2_2_05DBDE70 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBDE61 | 2_2_05DBDE61 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB71F4 | 2_2_05DB71F4 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBD158 | 2_2_05DBD158 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB817E | 2_2_05DB817E |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBD168 | 2_2_05DBD168 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB0900 | 2_2_05DB0900 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB08F1 | 2_2_05DB08F1 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBF880 | 2_2_05DBF880 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBC8B8 | 2_2_05DBC8B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBC8A8 | 2_2_05DBC8A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB0040 | 2_2_05DB0040 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBF871 | 2_2_05DBF871 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBC008 | 2_2_05DBC008 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB0007 | 2_2_05DB0007 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBBBB0 | 2_2_05DBBBB0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBBBA0 | 2_2_05DBBBA0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBEB78 | 2_2_05DBEB78 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBEB68 | 2_2_05DBEB68 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBB300 | 2_2_05DBB300 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBE2C8 | 2_2_05DBE2C8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBB2EF | 2_2_05DBB2EF |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBE2B8 | 2_2_05DBE2B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBDA18 | 2_2_05DBDA18 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DBDA09 | 2_2_05DBDA09 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_05DB7200 | 2_2_05DB7200 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9B6E8 | 2_2_06E9B6E8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9D670 | 2_2_06E9D670 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9AA58 | 2_2_06E9AA58 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E98608 | 2_2_06E98608 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9C388 | 2_2_06E9C388 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9B0A0 | 2_2_06E9B0A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E98C51 | 2_2_06E98C51 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9D028 | 2_2_06E9D028 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9A408 | 2_2_06E9A408 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9C9D8 | 2_2_06E9C9D8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E911A0 | 2_2_06E911A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9BD38 | 2_2_06E9BD38 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E95EC8 | 2_2_06E95EC8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9B6D8 | 2_2_06E9B6D8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9F2A0 | 2_2_06E9F2A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E95EB8 | 2_2_06E95EB8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9D661 | 2_2_06E9D661 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E95A60 | 2_2_06E95A60 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E95A70 | 2_2_06E95A70 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9F273 | 2_2_06E9F273 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9AA48 | 2_2_06E9AA48 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E95609 | 2_2_06E95609 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E98602 | 2_2_06E98602 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E95618 | 2_2_06E95618 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9A3FA | 2_2_06E9A3FA |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E96BC1 | 2_2_06E96BC1 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E96BD0 | 2_2_06E96BD0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E933A8 | 2_2_06E933A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E933B8 | 2_2_06E933B8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9676A | 2_2_06E9676A |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E96778 | 2_2_06E96778 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9C378 | 2_2_06E9C378 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E96320 | 2_2_06E96320 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E93730 | 2_2_06E93730 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E96311 | 2_2_06E96311 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E908E0 | 2_2_06E908E0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E908F0 | 2_2_06E908F0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E978F0 | 2_2_06E978F0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E974A8 | 2_2_06E974A8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E90488 | 2_2_06E90488 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E90498 | 2_2_06E90498 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9B090 | 2_2_06E9B090 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E97497 | 2_2_06E97497 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E97049 | 2_2_06E97049 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E90040 | 2_2_06E90040 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E97050 | 2_2_06E97050 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9D021 | 2_2_06E9D021 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E90027 | 2_2_06E90027 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E94430 | 2_2_06E94430 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E92807 | 2_2_06E92807 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E92818 | 2_2_06E92818 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9C9C8 | 2_2_06E9C9C8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E981A0 | 2_2_06E981A0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E981B0 | 2_2_06E981B0 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9518A | 2_2_06E9518A |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E95198 | 2_2_06E95198 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E91191 | 2_2_06E91191 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E90D48 | 2_2_06E90D48 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E97D48 | 2_2_06E97D48 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E97D58 | 2_2_06E97D58 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E90D39 | 2_2_06E90D39 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9BD36 | 2_2_06E9BD36 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E97900 | 2_2_06E97900 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Code function: 2_2_06E9B6E8 | 2_2_06E9B6E8 |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: riched20.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: usp10.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: msls31.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rtutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, wrjYe5aToKpciW2VfH.cs | High entropy of concatenated method names: 'EBMb7ScU39', 'bbCb9jO5m8', 'Te8bdedRkb', 'xy8dyaIS7A', 'brAdzEcot5', 'P0LbXIF522', 'GASb4gSYUS', 'OclbKY9f6o', 'Kihbe5ho3V', 'c1hbB5X595' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, NHGqHVrOEDDV6G4stpo.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JkDQ27KRds', 'M8wQr19Ul7', 'Bj2Qi9FMuP', 'bccQtwTJmW', 'lSyQLTZqsF', 'H0HQA4uiPF', 'BCGQMCHg8i' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, Y3KDGAssWSf8Mg3VOY.cs | High entropy of concatenated method names: 'lKhwTiVeqm', 'z9nwDi6HkO', 'NmkwvjcSe4', 'kQHwjuxCLp', 'PWgwo2txew', 'V0bwC4vIa5', 'agWwVWXd6n', 'AnSwJ1QZiJ', 'wFwwWhLS5K', 'Y9twmxuOO6' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, iq0X4uXRxp1wMvJwdA.cs | High entropy of concatenated method names: 'SNGcEmv4i9', 'nVXcyPJiWj', 'igaUXuWbKu', 'dAAU4842jJ', 'Fyycma37HW', 'SkRcIHSufC', 'Ws9caR8tTw', 'fsUc25PQiR', 'BZrcrKEi3j', 'mQ8ciNnv7J' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, cJTndOryL0Vy6OYifgE.cs | High entropy of concatenated method names: 'gbnGZWPh9X', 'P98Gx2Kv8L', 'V7UG3H6Y7p', 'SOlGgoHx8l', 'mOiGppNCtd', 'XBHG6TyGlA', 'zYEGu8M0dj', 'Ur0GTKC7x2', 'csCGDtIOxN', 'AruGsJDCg5' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, BOwi3dP3N9vwTmlkGN.cs | High entropy of concatenated method names: 'ToString', 'fhASmh7TUP', 'Lq1SjnwUFt', 'hx4SNJIZiN', 'CXoSoQiumQ', 'AbbSC9jBI2', 'H9LS89DZMp', 'AZkSVqeF5H', 'tfRSJZ9n1B', 'T7FSRx4JZ6' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, WJhonTxgluihCS0u13.cs | High entropy of concatenated method names: 'Dispose', 'hX14OKJux8', 'CKVKj9gAOk', 'UP155T5uYC', 'BED4yEln8a', 'pr74zk0xwq', 'ProcessDialogKey', 'NnSKXnYhrq', 'NU8K4DJb3Y', 'wVuKKmVlXH' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, DpreMYHmaBqn0L0Z6p.cs | High entropy of concatenated method names: 'ib5U7mJcCC', 'uoXUYvNHBn', 'BdFU9Q5PRd', 'POlUPI1G1R', 'hXgUdbEi2X', 'LVZUb9okNw', 'xcmUFBtBTj', 'JQvUnVvBie', 'yr4UhmZOux', 'OM7UkGJRfD' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, BpsKu276sb2hDS0pUd.cs | High entropy of concatenated method names: 'Lxf4bsO19y', 'CUZ4FD5w9a', 'rMi4hG2pHr', 'rcf4kOJgPi', 'XoY4HdsqoB', 'x794SUMgUX', 'WyMSN97CT6o98OugbX', 'KFIKhSo01BmSEc8Xqr', 'mQO44BcXuh', 'gwp4eNyBtS' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, sBf3YAfjRhwJxnTqDI.cs | High entropy of concatenated method names: 'iZv3IVRl9', 'hjugBkJ4Z', 'HHZ6tWnqj', 'TcHu4KQ29', 'VjCDfceo9', 'k4GsiK7U6', 'trrCZ8EyycApsMxAun', 'TVISJ2HWujYsW9hbQ4', 'fQuUljS6E', 'HvCQvXmjL' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, MTWMUYtX3CayUFNpHW.cs | High entropy of concatenated method names: 'd7FdlDtrLd', 'meRdYgn7Eh', 'bDJdP5PJ6s', 'WowdbJZZco', 'vIvdFVNk4J', 'p8QPLALpex', 'evQPAdtBT3', 'Nl2PMtOlUt', 'kVGPEGyjY4', 'GpqPOM1A5Y' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, c0JmJwYlJqYd0MoW5e.cs | High entropy of concatenated method names: 'yUMelRu6y8', 'qJMe7gPiPF', 'fMheYwycph', 'RQNe98Rmnx', 'PfYePdX3FA', 'dEAedaX4mZ', 'DHVeb8pGrC', 'ERAeFUxEqf', 'm6Xenw0VGQ', 'SdkehE6i0q' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, xIP7IyRvvhY4aieuRp.cs | High entropy of concatenated method names: 'ixxchxGPlm', 'S2HckqEuHx', 'ToString', 'HlNc7ges59', 'kPtcYnuTkM', 'ddHc9hEnA2', 'SxbcPuc3bB', 'B8Pcdf67GO', 'Tm5cbVtfXX', 'YUtcFVcZA9' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, pUZuqtnGEFgUxGMRtR.cs | High entropy of concatenated method names: 'UyAd1oZii3', 'UnXdZ6PPR8', 'QMDd3h47SW', 'j47dg37Sih', 'iXkd6hVqNt', 'nG8duMwKZO', 'fD8dDciuy0', 'LrCdsxut24', 'sQZBsFYjeGyvE6Ite9a', 'Xy8hNSYcKo1NsImgSfy' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, s4X4LuFEvtddWivXUm.cs | High entropy of concatenated method names: 'ikr9gMUsHu', 'CLh96OwPIM', 'lKu9TXC1kF', 'kDv9DYCeSs', 'WT09HU0mLv', 'Wto9S17Sjx', 'Ly29c6veP0', 'exU9UVIqUE', 'gDN9GGZSxy', 'o3d9QmDNdS' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, KoHwCn0VAavRpE54m8.cs | High entropy of concatenated method names: 'uCNbZYRVwf', 'IvSbx8ryjb', 'Frnb3DQPML', 'SPBbgRYCAm', 'l6Jbp5bHBp', 'Hagb60sbMx', 'hywbu0ogv5', 'QVebTbplEc', 'LKwbD2DEvE', 'xn2bs6G7dv' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, w3irh0dMbfWIaWLdDO.cs | High entropy of concatenated method names: 'wyVHWWPX6s', 'TMnHIykAdB', 'Rd5H2ogOCS', 'PVtHrQrgZv', 'CFRHjhDNeO', 'xt8HN9VfVc', 'DL6HoHDokw', 'x97HC0A7WL', 'gbfH8MGKip', 'R4DHVqp2Lo' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, KUgFQ4WTCrKXUfgMW7.cs | High entropy of concatenated method names: 'kQTPpnMGGn', 'fXxPu3yAfF', 'OuT9Nigg4u', 'dXB9oEKhTg', 'GE29CxjBeI', 'Jrh98YEdun', 'igi9VyBCKi', 'yu99J30pBl', 'csL9RUTTXU', 'uZf9WlCUa8' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, LkDy48btoEH441yn35.cs | High entropy of concatenated method names: 'GVhG4XPKcd', 'nC0GeyxxJY', 'mn9GBp0rSF', 'RQUG7whgj1', 'mO9GYB0DdR', 'MieGPI8ImV', 'v7pGdJlrTy', 'SvuUMro70m', 'WVCUEncf10', 'tS9UOFs5DM' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, WDV5NXzgCgmgNMVA8V.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xMLGwUZHZ6', 'MnkGHDeGWo', 'c1rGSEpvi6', 'T9WGckULIc', 'zgTGUp9F6X', 'EoEGGx5P2a', 'pSxGQTNYu8' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, ftWhWilFvs26U0HpnX.cs | High entropy of concatenated method names: 'gOwUv6Q1wo', 'UOvUj61hAC', 'p6CUNPcgji', 'gGjUoZu73Q', 'KkWU26mTB3', 'b7jUCRPWam', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, mpRvKO3JoGJC6tKJYH.cs | High entropy of concatenated method names: 'YHQY2Hy7uo', 'oDlYr4GyHe', 'TZFYi7p5BN', 'GDSYtIcSl1', 'GthYLBG39H', 'cOoYAaNEa4', 'egsYMT8LVo', 'CIrYEBdp2I', 'psbYO5YK91', 'xheYyrfKik' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, wrjYe5aToKpciW2VfH.cs | High entropy of concatenated method names: 'EBMb7ScU39', 'bbCb9jO5m8', 'Te8bdedRkb', 'xy8dyaIS7A', 'brAdzEcot5', 'P0LbXIF522', 'GASb4gSYUS', 'OclbKY9f6o', 'Kihbe5ho3V', 'c1hbB5X595' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, NHGqHVrOEDDV6G4stpo.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JkDQ27KRds', 'M8wQr19Ul7', 'Bj2Qi9FMuP', 'bccQtwTJmW', 'lSyQLTZqsF', 'H0HQA4uiPF', 'BCGQMCHg8i' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, Y3KDGAssWSf8Mg3VOY.cs | High entropy of concatenated method names: 'lKhwTiVeqm', 'z9nwDi6HkO', 'NmkwvjcSe4', 'kQHwjuxCLp', 'PWgwo2txew', 'V0bwC4vIa5', 'agWwVWXd6n', 'AnSwJ1QZiJ', 'wFwwWhLS5K', 'Y9twmxuOO6' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, iq0X4uXRxp1wMvJwdA.cs | High entropy of concatenated method names: 'SNGcEmv4i9', 'nVXcyPJiWj', 'igaUXuWbKu', 'dAAU4842jJ', 'Fyycma37HW', 'SkRcIHSufC', 'Ws9caR8tTw', 'fsUc25PQiR', 'BZrcrKEi3j', 'mQ8ciNnv7J' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, cJTndOryL0Vy6OYifgE.cs | High entropy of concatenated method names: 'gbnGZWPh9X', 'P98Gx2Kv8L', 'V7UG3H6Y7p', 'SOlGgoHx8l', 'mOiGppNCtd', 'XBHG6TyGlA', 'zYEGu8M0dj', 'Ur0GTKC7x2', 'csCGDtIOxN', 'AruGsJDCg5' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, BOwi3dP3N9vwTmlkGN.cs | High entropy of concatenated method names: 'ToString', 'fhASmh7TUP', 'Lq1SjnwUFt', 'hx4SNJIZiN', 'CXoSoQiumQ', 'AbbSC9jBI2', 'H9LS89DZMp', 'AZkSVqeF5H', 'tfRSJZ9n1B', 'T7FSRx4JZ6' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, WJhonTxgluihCS0u13.cs | High entropy of concatenated method names: 'Dispose', 'hX14OKJux8', 'CKVKj9gAOk', 'UP155T5uYC', 'BED4yEln8a', 'pr74zk0xwq', 'ProcessDialogKey', 'NnSKXnYhrq', 'NU8K4DJb3Y', 'wVuKKmVlXH' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, DpreMYHmaBqn0L0Z6p.cs | High entropy of concatenated method names: 'ib5U7mJcCC', 'uoXUYvNHBn', 'BdFU9Q5PRd', 'POlUPI1G1R', 'hXgUdbEi2X', 'LVZUb9okNw', 'xcmUFBtBTj', 'JQvUnVvBie', 'yr4UhmZOux', 'OM7UkGJRfD' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, BpsKu276sb2hDS0pUd.cs | High entropy of concatenated method names: 'Lxf4bsO19y', 'CUZ4FD5w9a', 'rMi4hG2pHr', 'rcf4kOJgPi', 'XoY4HdsqoB', 'x794SUMgUX', 'WyMSN97CT6o98OugbX', 'KFIKhSo01BmSEc8Xqr', 'mQO44BcXuh', 'gwp4eNyBtS' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, sBf3YAfjRhwJxnTqDI.cs | High entropy of concatenated method names: 'iZv3IVRl9', 'hjugBkJ4Z', 'HHZ6tWnqj', 'TcHu4KQ29', 'VjCDfceo9', 'k4GsiK7U6', 'trrCZ8EyycApsMxAun', 'TVISJ2HWujYsW9hbQ4', 'fQuUljS6E', 'HvCQvXmjL' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, MTWMUYtX3CayUFNpHW.cs | High entropy of concatenated method names: 'd7FdlDtrLd', 'meRdYgn7Eh', 'bDJdP5PJ6s', 'WowdbJZZco', 'vIvdFVNk4J', 'p8QPLALpex', 'evQPAdtBT3', 'Nl2PMtOlUt', 'kVGPEGyjY4', 'GpqPOM1A5Y' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, c0JmJwYlJqYd0MoW5e.cs | High entropy of concatenated method names: 'yUMelRu6y8', 'qJMe7gPiPF', 'fMheYwycph', 'RQNe98Rmnx', 'PfYePdX3FA', 'dEAedaX4mZ', 'DHVeb8pGrC', 'ERAeFUxEqf', 'm6Xenw0VGQ', 'SdkehE6i0q' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, xIP7IyRvvhY4aieuRp.cs | High entropy of concatenated method names: 'ixxchxGPlm', 'S2HckqEuHx', 'ToString', 'HlNc7ges59', 'kPtcYnuTkM', 'ddHc9hEnA2', 'SxbcPuc3bB', 'B8Pcdf67GO', 'Tm5cbVtfXX', 'YUtcFVcZA9' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, pUZuqtnGEFgUxGMRtR.cs | High entropy of concatenated method names: 'UyAd1oZii3', 'UnXdZ6PPR8', 'QMDd3h47SW', 'j47dg37Sih', 'iXkd6hVqNt', 'nG8duMwKZO', 'fD8dDciuy0', 'LrCdsxut24', 'sQZBsFYjeGyvE6Ite9a', 'Xy8hNSYcKo1NsImgSfy' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, s4X4LuFEvtddWivXUm.cs | High entropy of concatenated method names: 'ikr9gMUsHu', 'CLh96OwPIM', 'lKu9TXC1kF', 'kDv9DYCeSs', 'WT09HU0mLv', 'Wto9S17Sjx', 'Ly29c6veP0', 'exU9UVIqUE', 'gDN9GGZSxy', 'o3d9QmDNdS' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, KoHwCn0VAavRpE54m8.cs | High entropy of concatenated method names: 'uCNbZYRVwf', 'IvSbx8ryjb', 'Frnb3DQPML', 'SPBbgRYCAm', 'l6Jbp5bHBp', 'Hagb60sbMx', 'hywbu0ogv5', 'QVebTbplEc', 'LKwbD2DEvE', 'xn2bs6G7dv' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, w3irh0dMbfWIaWLdDO.cs | High entropy of concatenated method names: 'wyVHWWPX6s', 'TMnHIykAdB', 'Rd5H2ogOCS', 'PVtHrQrgZv', 'CFRHjhDNeO', 'xt8HN9VfVc', 'DL6HoHDokw', 'x97HC0A7WL', 'gbfH8MGKip', 'R4DHVqp2Lo' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, KUgFQ4WTCrKXUfgMW7.cs | High entropy of concatenated method names: 'kQTPpnMGGn', 'fXxPu3yAfF', 'OuT9Nigg4u', 'dXB9oEKhTg', 'GE29CxjBeI', 'Jrh98YEdun', 'igi9VyBCKi', 'yu99J30pBl', 'csL9RUTTXU', 'uZf9WlCUa8' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, LkDy48btoEH441yn35.cs | High entropy of concatenated method names: 'GVhG4XPKcd', 'nC0GeyxxJY', 'mn9GBp0rSF', 'RQUG7whgj1', 'mO9GYB0DdR', 'MieGPI8ImV', 'v7pGdJlrTy', 'SvuUMro70m', 'WVCUEncf10', 'tS9UOFs5DM' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, WDV5NXzgCgmgNMVA8V.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xMLGwUZHZ6', 'MnkGHDeGWo', 'c1rGSEpvi6', 'T9WGckULIc', 'zgTGUp9F6X', 'EoEGGx5P2a', 'pSxGQTNYu8' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, ftWhWilFvs26U0HpnX.cs | High entropy of concatenated method names: 'gOwUv6Q1wo', 'UOvUj61hAC', 'p6CUNPcgji', 'gGjUoZu73Q', 'KkWU26mTB3', 'b7jUCRPWam', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, mpRvKO3JoGJC6tKJYH.cs | High entropy of concatenated method names: 'YHQY2Hy7uo', 'oDlYr4GyHe', 'TZFYi7p5BN', 'GDSYtIcSl1', 'GthYLBG39H', 'cOoYAaNEa4', 'egsYMT8LVo', 'CIrYEBdp2I', 'psbYO5YK91', 'xheYyrfKik' |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 600000 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599890 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599780 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599671 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599562 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599453 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599343 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599234 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599124 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599015 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598906 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598796 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598687 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598578 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598468 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598359 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598250 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598140 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598031 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597921 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597812 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597703 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597593 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597484 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597373 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597265 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597156 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597046 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596937 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596828 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596715 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596609 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596500 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596390 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596281 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596171 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596062 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595951 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595843 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595734 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595623 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595515 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595406 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595296 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595187 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595078 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 594968 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 594859 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 594750 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 594640 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6628 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -23058430092136925s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -600000s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -599890s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 7012 | Thread sleep count: 8718 > 30 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 7012 | Thread sleep count: 1145 > 30 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -599780s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -599671s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -599562s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -599453s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -599343s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -599234s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -599124s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -599015s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -598906s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -598796s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -598687s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -598578s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -598468s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -598359s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -598250s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -598140s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -598031s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -597921s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -597812s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -597703s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -597593s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -597484s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -597373s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -597265s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -597156s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -597046s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -596937s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -596828s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -596715s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -596609s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -596500s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -596390s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -596281s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -596171s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -596062s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -595951s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -595843s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -595734s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -595623s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -595515s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -595406s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -595296s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -595187s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -595078s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -594968s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -594859s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -594750s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968 | Thread sleep time: -594640s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 600000 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599890 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599780 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599671 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599562 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599453 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599343 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599234 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599124 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 599015 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598906 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598796 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598687 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598578 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598468 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598359 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598250 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598140 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 598031 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597921 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597812 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597703 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597593 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597484 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597373 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597265 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597156 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 597046 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596937 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596828 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596715 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596609 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596500 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596390 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596281 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596171 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 596062 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595951 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595843 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595734 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595623 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595515 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595406 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595296 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595187 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 595078 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 594968 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 594859 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 594750 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Thread delayed: delay time: 594640 | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Users\user\Desktop\Purchase Order.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Users\user\Desktop\Purchase Order.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |