Windows Analysis Report
Order_YK240612-01D(estimate).scr.exe

Overview

General Information

Sample name:	Order_YK240612-01D(estimate).scr.exe
Analysis ID:	1471405
MD5:	70b68d25c88c6d1edfa32aa617f67393
SHA1:	1b04e59a4496d9db4f90f4dc55b5e816cfff3de5
SHA256:	d0755a4410b30758349877c74392e03b018eb7c8520852d4cae3f2f243d33c7a
Tags:	exeRemcosRAT
Infos:

Detection

Remcos

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Contains functionality to bypass UAC (CMSTPLUA)

Detected Remcos RAT

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Remcos

Yara detected AntiVM3

Yara detected Remcos RAT

Yara detected UAC Bypass using CMSTP

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to register a low level keyboard hook

Contains functionality to steal Chrome passwords or cookies

Contains functionality to steal Firefox passwords or cookies

Contains functionalty to change the wallpaper

Creates autostart registry keys with suspicious names

Creates multiple autostart registry keys

Delayed program exit found

Drops PE files to the document folder of the user

Drops PE files with a suspicious file extension

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Uses cmd line tools excessively to alter registry or file data

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to download and launch executables

Contains functionality to dynamically determine API calls

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Contains functionality to enumerate running services

Contains functionality to launch a control a shell (cmd.exe)

Contains functionality to modify clipboard data

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Direct Autorun Keys Modification

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Too many similar processes found

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses reg.exe to modify the Windows registry

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Remcos, RemcosRAT	Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity.	APT33 The Gorgon Group UAC-0050	http://malware-traffic-analysis.net/2017/12/22/index.html https://0xmrmagnezi.github.io/malware%20analysis/RemcosRAT/ https://asec.ahnlab.com/en/32376/ https://asec.ahnlab.com/ko/25837/ https://asec.ahnlab.com/ko/32101/	https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Signatures

AV Detection

Found malware configuration

Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack

Malware Configuration Extractor: Remcos {"Version": "5.1.0 Pro", "Host:Port:Password": "94.156.65.182:31051", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-5FAVAX", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}

Multi AV Scanner detection for domain / URL

Source: 94.156.65.182

Virustotal: Detection: 14%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	ReversingLabs: Detection: 66%
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Virustotal: Detection: 45%	Perma Link
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	ReversingLabs: Detection: 66%
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	ReversingLabs: Detection: 66%
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	ReversingLabs: Detection: 66%
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	ReversingLabs: Detection: 66%
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	ReversingLabs: Detection: 66%

Multi AV Scanner detection for submitted file

Source: Order_YK240612-01D(estimate).scr.exe	ReversingLabs: Detection: 66%
Source: Order_YK240612-01D(estimate).scr.exe	Virustotal: Detection: 45%			Perma Link

Yara detected Remcos RAT

Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d6fbf0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d8fc10.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3c595b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000044.00000002.2879684791.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000052.00000002.3042487527.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2500174837.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2379026350.00000000038A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004B.00000002.3071288970.0000000004311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2296469173.0000000000F57000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2906472397.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000053.00000002.3156634655.0000000003381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2600838241.0000000003F35000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2692527886.0000000004084000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003E4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2205857904.0000000001338000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2670350624.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000045.00000002.3001787354.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2516986060.0000000003727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2579241360.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003D.00000002.2742432457.0000000000C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004C.00000002.2974781388.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2212446199.0000000003979000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2308453893.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4456081640.0000000001048000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2365812431.0000000001087000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2770757236.0000000004234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 1972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 7100, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 6360, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 5788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 1628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 5480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 6500, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 5380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 3948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 5624, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 2468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 1788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 6480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 3448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif PID: 356, type: MEMORYSTR

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_00433837 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,

15_2_00433837

Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2077491922.0000000003C59000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_88250a6f-c

Exploits

Yara detected UAC Bypass using CMSTP

Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d6fbf0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d8fc10.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3c595b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000002.2379026350.00000000038A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004B.00000002.3071288970.0000000004311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2906472397.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000053.00000002.3156634655.0000000003381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2600838241.0000000003F35000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2692527886.0000000004084000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003E4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000045.00000002.3001787354.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2516986060.0000000003727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2212446199.0000000003979000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2308453893.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2770757236.0000000004234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 7100, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 6360, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 5788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 5624, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 1788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 3448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif PID: 356, type: MEMORYSTR

Privilege Escalation

Contains functionality to bypass UAC (CMSTPLUA)

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_004074FD _wcslen,CoGetObject,

15_2_004074FD

Uses 32bit PE files

Source: Order_YK240612-01D(estimate).scr.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49707 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49708 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49715 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49716 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49717 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49719 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63225 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63226 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63227 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63229 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63230 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63230 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63231 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63232 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63233 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63235 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63236 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63237 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63238 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63239 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63241 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63242 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63243 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63244 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63246 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63247 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63248 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63249 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63250 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63252 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63253 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63254 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63255 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63256 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63256 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63258 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63259 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63260 version: TLS 1.0

Source: Order_YK240612-01D(estimate).scr.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Administrator\Desktop\2023CryptsDone\Tumann\obj\Debug\Serliak.pdb8 source: Order_YK240612-01D(estimate).scr.exe, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif.73.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.59.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.28.dr, Order_YK240612-01D(estimate).scr.pif.5.dr, Order_YK240612-01D(estimate).scr.pif.pif.13.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.44.dr
Source:	Binary string: C:\Users\Administrator\Desktop\2023CryptsDone\Tumann\obj\Debug\Serliak.pdb source: Order_YK240612-01D(estimate).scr.exe, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif.73.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.59.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.28.dr, Order_YK240612-01D(estimate).scr.pif.5.dr, Order_YK240612-01D(estimate).scr.pif.pif.13.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.44.dr

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00409253 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,	15_2_00409253
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0041C291 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,	15_2_0041C291
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040C34D FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,	15_2_0040C34D
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00409665 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,	15_2_00409665
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0044E879 FindFirstFileExA,	15_2_0044E879
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040880C __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,	15_2_0040880C
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040783C FindFirstFileW,FindNextFileW,	15_2_0040783C
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00419AF5 FindFirstFileW,FindNextFileW,FindNextFileW,	15_2_00419AF5
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040BB30 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,	15_2_0040BB30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040BD37 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,	15_2_0040BD37

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_00407C97 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,

15_2_00407C97

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 94.156.65.182

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.5:49706 -> 94.156.65.182:31051

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/SeZ4MLo1Yj3m HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/gWgSDKWAxsrC HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/EckvwQHrOIHT HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/GmzXz5RU6G6l HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/HGTlth969vgl HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/R2O5rB8ez9xA HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/m3LxQcl7Jw9I HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/wC3BrnP7dccv HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/z3EPFBxRGVVz HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/3K9dNKi56G9i HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/hNZBHDZNFUPr HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/6XWH6UilIY7a HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/xbIma69Dnsol HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/yPgxNf3KOOqM HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/pnDmg2d0XNkK HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/XOlEAbM0nRZd HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/lte5DYATfEMG HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/8K8OSFaJjyBE HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/FW6qSQfmbT8f HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: TERASYST-ASBG TERASYST-ASBG

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49707 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49708 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49715 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49716 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49717 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49719 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63225 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63226 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63227 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63229 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63230 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63230 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63231 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63232 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63233 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63235 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63236 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63237 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63238 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63239 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63241 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63242 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63243 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63244 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63246 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63247 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63248 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63249 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63250 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63252 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63253 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63254 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63255 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63256 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63256 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63258 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:63259 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:63260 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.65.182

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0041B380 InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

15_2_0041B380

Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/SeZ4MLo1Yj3m HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/gWgSDKWAxsrC HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/EckvwQHrOIHT HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/GmzXz5RU6G6l HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/HGTlth969vgl HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/R2O5rB8ez9xA HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/m3LxQcl7Jw9I HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/wC3BrnP7dccv HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/z3EPFBxRGVVz HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/3K9dNKi56G9i HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/hNZBHDZNFUPr HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/6XWH6UilIY7a HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/xbIma69Dnsol HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/yPgxNf3KOOqM HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/pnDmg2d0XNkK HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/XOlEAbM0nRZd HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/lte5DYATfEMG HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/8K8OSFaJjyBE HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data-package/tbcDkJlg/download HTTP/1.1Host: filetransfer.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /storage/download/FW6qSQfmbT8f HTTP/1.1Host: s25.filetransfer.ioConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: filetransfer.io
Source: global traffic	DNS traffic detected: DNS query: s25.filetransfer.io
Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa

Source: Order_YK240612-01D(estimate).scr.pif	String found in binary or memory: http://geoplugin.net/json.gp
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2077491922.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2077491922.0000000003E4F000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2077491922.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2212446199.0000000003979000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2308453893.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2379026350.00000000038A8000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2516986060.0000000003727000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2600838241.0000000003F35000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 0000002F.00000002.2692527886.0000000004084000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 00000037.00000002.2770757236.0000000004234000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 0000003E.00000002.2906472397.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 00000045.00000002.3001787354.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 0000004B.00000002.3071288970.0000000004311000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif, 00000053.00000002.3156634655.0000000003381000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gp/C
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2076541009.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2207586145.0000000002911000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.000000000328C000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2370147215.0000000002841000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.00000000026CC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2584158243.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 0000002F.00000002.2674907205.000000000302C000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 00000037.00000002.2751881613.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 0000003E.00000002.2885507653.00000000026AC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 00000045.00000002.2981635842.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 0000004B.00000002.3048064807.00000000032BC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif, 00000053.00000002.3133094809.0000000002321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2076541009.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2207586145.0000000002911000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.000000000328C000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2370147215.0000000002841000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.00000000026CC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2584158243.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 0000002F.00000002.2674907205.000000000302C000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 00000037.00000002.2751881613.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 0000003E.00000002.2885507653.00000000026AC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 00000045.00000002.2981635842.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 0000004B.00000002.3048064807.00000000032BC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif, 00000053.00000002.3133094809.0000000002321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://filetransfer.io
Source: Order_YK240612-01D(estimate).scr.exe, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif.73.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.59.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.28.dr, Order_YK240612-01D(estimate).scr.pif.5.dr, Order_YK240612-01D(estimate).scr.pif.pif.13.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.44.dr	String found in binary or memory: https://filetransfer.io/data-package/tbcDkJlg/download
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2076541009.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2207586145.000000000295C000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.00000000032CC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2370147215.000000000288B000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.000000000270B000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2584158243.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 0000002F.00000002.2674907205.000000000306C000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 00000037.00000002.2751881613.000000000321B000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 0000003E.00000002.2885507653.00000000026EC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 00000045.00000002.2981635842.0000000002D1B000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 0000004B.00000002.3048064807.00000000032FC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif, 00000053.00000002.3133094809.000000000236B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 00000045.00000002.2981635842.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 00000045.00000002.2981635842.0000000002D1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/3K9dNKi56G9i
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif, 00000053.00000002.3133094809.000000000236B000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif, 00000053.00000002.3133094809.0000000002367000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/6XWH6UilIY7a
Source: Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.00000000032CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/EckvwQHrOIHT
Source: Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2370147215.000000000288B000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2370147215.0000000002887000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/GmzXz5RU6G6l
Source: Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.0000000002707000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.000000000270B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/HGTlth969vgl
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2584158243.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2584158243.0000000002F17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/R2O5rB8ez9xA
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2076541009.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2076541009.0000000002BB7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/SeZ4MLo1Yj3m
Source: Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2207586145.0000000002957000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2207586145.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/gWgSDKWAxsrC
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 0000004B.00000002.3048064807.00000000032F7000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 0000004B.00000002.3048064807.00000000032FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/hNZBHDZNFUPr
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif, 0000002F.00000002.2674907205.000000000306C000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 0000002F.00000002.2674907205.0000000003067000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/m3LxQcl7Jw9I
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 00000037.00000002.2751881613.0000000003217000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 00000037.00000002.2751881613.000000000321B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/wC3BrnP7dccv
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 0000003E.00000002.2885507653.00000000026E7000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 0000003E.00000002.2885507653.00000000026EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s25.filetransfer.io/storage/download/z3EPFBxRGVVz

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63252
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63242
Source: unknown	Network traffic detected: HTTP traffic on port 63244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63244
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63247
Source: unknown	Network traffic detected: HTTP traffic on port 63248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63249
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63248
Source: unknown	Network traffic detected: HTTP traffic on port 63238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63260
Source: unknown	Network traffic detected: HTTP traffic on port 63255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63258
Source: unknown	Network traffic detected: HTTP traffic on port 63249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63259
Source: unknown	Network traffic detected: HTTP traffic on port 63237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63230
Source: unknown	Network traffic detected: HTTP traffic on port 63233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63229
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 63246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63226
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63241
Source: unknown	Network traffic detected: HTTP traffic on port 63232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63239
Source: unknown	Network traffic detected: HTTP traffic on port 63250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63231
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63233
Source: unknown	Network traffic detected: HTTP traffic on port 63243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63235
Source: unknown	Network traffic detected: HTTP traffic on port 63247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63237

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to register a low level keyboard hook

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0040A2B8 SetWindowsHookExA 0000000D,0040A2A4,00000000

15_2_0040A2B8

Contains functionality for read data from the clipboard

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0040B70E OpenClipboard,GetClipboardData,CloseClipboard,

15_2_0040B70E

Contains functionality to modify clipboard data

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_004168C1 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

15_2_004168C1

Contains functionality to read the clipboard data

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0040B70E OpenClipboard,GetClipboardData,CloseClipboard,

15_2_0040B70E

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0040A3E0 GetForegroundWindow,GetWindowThreadProcessId,GetKeyboardLayout,GetKeyState,GetKeyboardState,ToUnicodeEx,ToUnicodeEx,ToUnicodeEx,ToUnicodeEx,

15_2_0040A3E0

E-Banking Fraud

Yara detected Remcos RAT

Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d6fbf0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d8fc10.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3c595b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000044.00000002.2879684791.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000052.00000002.3042487527.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2500174837.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2379026350.00000000038A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004B.00000002.3071288970.0000000004311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2296469173.0000000000F57000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2906472397.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000053.00000002.3156634655.0000000003381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2600838241.0000000003F35000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2692527886.0000000004084000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003E4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2205857904.0000000001338000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2670350624.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000045.00000002.3001787354.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2516986060.0000000003727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2579241360.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003D.00000002.2742432457.0000000000C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004C.00000002.2974781388.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2212446199.0000000003979000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2308453893.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4456081640.0000000001048000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2365812431.0000000001087000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2770757236.0000000004234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 1972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 7100, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 6360, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 5788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 1628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 5480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 6500, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 5380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 3948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 5624, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 2468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 1788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 6480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 3448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif PID: 356, type: MEMORYSTR

Spam, unwanted Advertisements and Ransom Demands

Contains functionalty to change the wallpaper

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0041C9E2 SystemParametersInfoW,

15_2_0041C9E2

Too many similar processes found

Source: cmd.exe

Process created: 45

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d6fbf0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d6fbf0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d8fc10.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d8fc10.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3c595b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3c595b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 00000016.00000002.2379026350.00000000038A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000004B.00000002.3071288970.0000000004311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000003E.00000002.2906472397.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000053.00000002.3156634655.0000000003381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 00000028.00000002.2600838241.0000000003F35000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000002F.00000002.2692527886.0000000004084000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000000.00000002.2077491922.0000000003E4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000000.00000002.2077491922.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000000.00000002.2077491922.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000045.00000002.3001787354.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000020.00000002.2516986060.0000000003727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000008.00000002.2212446199.0000000003979000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000010.00000002.2308453893.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000037.00000002.2770757236.0000000004234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 3128, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 7100, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 6360, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 5788, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 4444, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 828, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4688, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4444, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 5624, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 1788, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6472, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 3448, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif PID: 356, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Order_YK240612-01D(estimate).scr.exe

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_004167B4 ExitWindowsEx,LoadLibraryA,GetProcAddress,

15_2_004167B4

Detected potential crypto function

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_00F2C3F4	0_2_00F2C3F4
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_00F225D8	0_2_00F225D8
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_00F2EEA0	0_2_00F2EEA0
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_05066CD8	0_2_05066CD8
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_068873F8	0_2_068873F8
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_06886C51	0_2_06886C51
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_068873E9	0_2_068873E9
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_068F2EF8	0_2_068F2EF8
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_068FF6F0	0_2_068FF6F0
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_068FE848	0_2_068FE848
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_068FD100	0_2_068FD100
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_068FB260	0_2_068FB260
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_068F51F0	0_2_068F51F0
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_0693E3C8	0_2_0693E3C8
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_0693CD90	0_2_0693CD90
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_06936D20	0_2_06936D20
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_0693DAF8	0_2_0693DAF8
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_0693D7B0	0_2_0693D7B0
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_06930488	0_2_06930488
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_06939318	0_2_06939318
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_0693F8AC	0_2_0693F8AC
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_069632C7	0_2_069632C7
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_0696673A	0_2_0696673A
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_069614E8	0_2_069614E8
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_06964989	0_2_06964989
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_06960040	0_2_06960040
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_070D3990	0_2_070D3990
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_070D1CDF	0_2_070D1CDF
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_070D1B68	0_2_070D1B68
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_070D1E27	0_2_070D1E27
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_00DDC3F4	8_2_00DDC3F4
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_00DDEEA0	8_2_00DDEEA0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_053DE448	8_2_053DE448
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_053D73F8	8_2_053D73F8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_053DCDC0	8_2_053DCDC0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_053D4358	8_2_053D4358
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_053D73E9	8_2_053D73E9
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_053D6C60	8_2_053D6C60
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_053D3B60	8_2_053D3B60
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_064F2EF8	8_2_064F2EF8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_064FF6F0	8_2_064FF6F0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_064FE848	8_2_064FE848
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_064FD100	8_2_064FD100
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_064FB270	8_2_064FB270
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_064F51F0	8_2_064F51F0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_0653E3C8	8_2_0653E3C8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06536D20	8_2_06536D20
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_0653CD90	8_2_0653CD90
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_0653DAF8	8_2_0653DAF8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_0653D7B0	8_2_0653D7B0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06530498	8_2_06530498
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06539318	8_2_06539318
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_0653F8AC	8_2_0653F8AC
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_065632C7	8_2_065632C7
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06566708	8_2_06566708
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_065614E8	8_2_065614E8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_065649C0	8_2_065649C0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06560040	8_2_06560040
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06D51C9F	8_2_06D51C9F
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06D5397F	8_2_06D5397F
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06D51B68	8_2_06D51B68
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06D51DE7	8_2_06D51DE7
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0043E0CC	15_2_0043E0CC
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0041F0FA	15_2_0041F0FA
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00454159	15_2_00454159
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00438168	15_2_00438168
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_004461F0	15_2_004461F0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0043E2FB	15_2_0043E2FB
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0045332B	15_2_0045332B
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0042739D	15_2_0042739D
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_004374E6	15_2_004374E6
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0043E558	15_2_0043E558
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00438770	15_2_00438770
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_004378FE	15_2_004378FE
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00433946	15_2_00433946
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0044D9C9	15_2_0044D9C9
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00427A46	15_2_00427A46
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0041DB62	15_2_0041DB62
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00427BAF	15_2_00427BAF
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00437D33	15_2_00437D33
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00435E5E	15_2_00435E5E
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00426E0E	15_2_00426E0E
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0043DE9D	15_2_0043DE9D
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00413FCA	15_2_00413FCA
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00436FEA	15_2_00436FEA
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_017EC3F4	16_2_017EC3F4
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_017E4C80	16_2_017E4C80
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_017EEEA0	16_2_017EEEA0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_057D6CD8	16_2_057D6CD8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_0706F6F0	16_2_0706F6F0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_07062EF8	16_2_07062EF8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_0706D100	16_2_0706D100
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_0706E848	16_2_0706E848
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_0706B260	16_2_0706B260
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070651F0	16_2_070651F0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070AE3C8	16_2_070AE3C8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070A6D20	16_2_070A6D20
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070ACD90	16_2_070ACD90
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070ADAF8	16_2_070ADAF8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070AD7B0	16_2_070AD7B0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070A0488	16_2_070A0488
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070A9318	16_2_070A9318
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070AF8AC	16_2_070AF8AC
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070D6708	16_2_070D6708
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070D32C7	16_2_070D32C7
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070D4989	16_2_070D4989
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070D14E8	16_2_070D14E8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070D0040	16_2_070D0040
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_07783990	16_2_07783990
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_07781C2E	16_2_07781C2E
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_07781B68	16_2_07781B68
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_07781E9E	16_2_07781E9E
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_00E6C3F4	22_2_00E6C3F4
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_00E6EEA0	22_2_00E6EEA0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_04DC6CD8	22_2_04DC6CD8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_064FF6F0	22_2_064FF6F0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_064FE848	22_2_064FE848
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_064F2EF8	22_2_064F2EF8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_064FB270	22_2_064FB270
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_064FD100	22_2_064FD100
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_064F51F0	22_2_064F51F0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_0655E3C8	22_2_0655E3C8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_06556D20	22_2_06556D20
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_0655CD90	22_2_0655CD90
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_0655DAF8	22_2_0655DAF8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_0655D7B0	22_2_0655D7B0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_06550498	22_2_06550498
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_06559318	22_2_06559318
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_0655F8AC	22_2_0655F8AC
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_065832D8	22_2_065832D8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_06586708	22_2_06586708
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_065814E8	22_2_065814E8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_065849C0	22_2_065849C0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_06580040	22_2_06580040
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_06F71CA1	22_2_06F71CA1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_06F73990	22_2_06F73990
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_06F71DE9	22_2_06F71DE9

Found potential string decryption / allocating functions

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: String function: 00434E10 appears 54 times
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: String function: 00402093 appears 50 times
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: String function: 00434770 appears 41 times
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: String function: 00401E65 appears 34 times

Sample file is different than original file name gathered from version info

Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2075972755.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Order_YK240612-01D(estimate).scr.exe
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000000.1986970809.00000000007C2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSerliak.exe0 vs Order_YK240612-01D(estimate).scr.exe
Source: Order_YK240612-01D(estimate).scr.exe	Binary or memory string: OriginalFilenameSerliak.exe0 vs Order_YK240612-01D(estimate).scr.exe

Uses 32bit PE files

Source: Order_YK240612-01D(estimate).scr.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Uses reg.exe to modify the Windows registry

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"

Yara signature match

Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d6fbf0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d6fbf0.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d8fc10.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d8fc10.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3c595b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0.2.Order_YK240612-01D(estimate).scr.exe.3c595b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 00000016.00000002.2379026350.00000000038A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000004B.00000002.3071288970.0000000004311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000003E.00000002.2906472397.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000053.00000002.3156634655.0000000003381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 00000028.00000002.2600838241.0000000003F35000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000002F.00000002.2692527886.0000000004084000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000000.00000002.2077491922.0000000003E4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000000.00000002.2077491922.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000000.00000002.2077491922.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000045.00000002.3001787354.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000020.00000002.2516986060.0000000003727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000008.00000002.2212446199.0000000003979000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000010.00000002.2308453893.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000037.00000002.2770757236.0000000004234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 3128, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 7100, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 6360, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 5788, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 4444, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 828, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4688, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4444, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 5624, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 1788, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6472, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 3448, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif PID: 356, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.rans.troj.spyw.expl.evad.winEXE@137/19@6/3

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_00417952 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,

15_2_00417952

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0040F474 GetModuleFileNameW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,CloseHandle,

15_2_0040F474

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0041B4A8 FindResourceA,LoadResource,LockResource,SizeofResource,

15_2_0041B4A8

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0041AA4A OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

15_2_0041AA4A

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order_YK240612-01D(estimate).scr.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6596:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2428:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1524:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5636:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3716:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6008:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2212:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3876:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1876:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5484:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6004:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5564:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1372:120:WilError_03
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1476:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4832:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5020:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5780:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5396:120:WilError_03
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Mutant created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6436:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4024:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1352:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5052:120:WilError_03

Source: Order_YK240612-01D(estimate).scr.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Order_YK240612-01D(estimate).scr.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Order_YK240612-01D(estimate).scr.exe	ReversingLabs: Detection: 66%
Source: Order_YK240612-01D(estimate).scr.exe	Virustotal: Detection: 45%

Source: unknown	Process created: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe "C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe"
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process created: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe "C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe"
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
Source: C:\Windows\SysWOW64\reg.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Windows\SysWOW64\reg.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\reg.exe	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: unknown	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process created: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe "C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Process created: unknown unknown
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Process created: unknown unknown
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: secur32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: schannel.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: winmm.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: wininet.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: netutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: winmm.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: wininet.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: netutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: secur32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: schannel.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: winmm.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: wininet.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: netutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: secur32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: schannel.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: winmm.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: wininet.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: netutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: secur32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: schannel.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: winmm.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: wininet.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: netutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: secur32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: schannel.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: winmm.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: wininet.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: netutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: secur32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: schannel.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: winmm.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: wininet.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: netutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: secur32.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: schannel.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Order_YK240612-01D(estimate).scr.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Order_YK240612-01D(estimate).scr.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Order_YK240612-01D(estimate).scr.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\Administrator\Desktop\2023CryptsDone\Tumann\obj\Debug\Serliak.pdb8 source: Order_YK240612-01D(estimate).scr.exe, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif.73.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.59.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.28.dr, Order_YK240612-01D(estimate).scr.pif.5.dr, Order_YK240612-01D(estimate).scr.pif.pif.13.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.44.dr
Source:	Binary string: C:\Users\Administrator\Desktop\2023CryptsDone\Tumann\obj\Debug\Serliak.pdb source: Order_YK240612-01D(estimate).scr.exe, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif.73.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.59.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.28.dr, Order_YK240612-01D(estimate).scr.pif.5.dr, Order_YK240612-01D(estimate).scr.pif.pif.13.dr, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.44.dr

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0041CB50 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,

15_2_0041CB50

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_068FDC19 push eax; retf	0_2_068FDC41
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_069385F1 push 800691B1h; iretd	0_2_069385FD
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_0693ECC8 pushfd ; retf	0_2_0693ED09
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_0693EC62 pushad ; retf	0_2_0693EC69
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_0693EBC8 push eax; retf	0_2_0693EC09
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_06937818 push eax; iretd	0_2_0693785D
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Code function: 0_2_069640F0 push es; retn 0004h	0_2_0696408A
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_053D66B0 push es; ret	8_2_053D66C0
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_053DAB10 push es; ret	8_2_053DAB20
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_064FDC22 push eax; retf	8_2_064FDC41
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_065385F1 push 800651B1h; iretd	8_2_065385FD
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_0653EC62 pushad ; retf	8_2_0653EC69
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_0653ECC8 pushfd ; retf	8_2_0653ED09
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_0653EBC8 push eax; retf	8_2_0653EC09
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 8_2_06537818 push eax; iretd	8_2_0653785D
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00457106 push ecx; ret	15_2_00457119
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0045B11A push esp; ret	15_2_0045B141
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0045E54D push esi; ret	15_2_0045E556
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00457A28 push eax; ret	15_2_00457A46
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00434E56 push ecx; ret	15_2_00434E69
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_0706DC22 push eax; retf	16_2_0706DC41
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070A85F1 push 800708B1h; iretd	16_2_070A85FD
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070AEC63 pushad ; retf	16_2_070AEC69
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070AECC8 pushfd ; retf	16_2_070AED09
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070AEBC8 push eax; retf	16_2_070AEC09
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 16_2_070A7818 push eax; iretd	16_2_070A785D
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_064FDC22 push eax; retf	22_2_064FDC41
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_065585F1 push 800653B1h; iretd	22_2_065585FD
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_0655EC62 pushad ; retf	22_2_0655EC69
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_0655ECC8 pushfd ; retf	22_2_0655ED09
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Code function: 22_2_0655EBC8 push eax; retf	22_2_0655EC09

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Jump to dropped file

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Jump to dropped file

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\conhost.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe

Contains functionality to download and launch executables

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_00406EB0 ShellExecuteW,URLDownloadToFileW,

15_2_00406EB0

Drops PE files

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious names

Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif

Creates multiple autostart registry keys

Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0041AA4A OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

15_2_0041AA4A

Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

15_2_0041CB50

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 7100, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 5788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 5624, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 1788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 3448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif PID: 356, type: MEMORYSTR

Delayed program exit found

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0040F7A7 Sleep,ExitProcess,

15_2_0040F7A7

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Memory allocated: EF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Memory allocated: 2B70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Memory allocated: 2920000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Memory allocated: D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Memory allocated: 2910000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Memory allocated: EF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Memory allocated: 17B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Memory allocated: 3280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Memory allocated: 31C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Memory allocated: E60000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Memory allocated: 2840000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Memory allocated: 4840000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Memory allocated: BD0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Memory allocated: 26C0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Memory allocated: 24F0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Memory allocated: 1060000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Memory allocated: 2ED0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Memory allocated: 1110000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Memory allocated: 2EB0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Memory allocated: 3020000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Memory allocated: 5020000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Memory allocated: 2FF0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Memory allocated: 31D0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Memory allocated: 51D0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Memory allocated: 24D0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Memory allocated: 26A0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Memory allocated: 24D0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Memory allocated: 1460000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Memory allocated: 2CD0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Memory allocated: 2AF0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Memory allocated: 16B0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Memory allocated: 32B0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Memory allocated: 52B0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Memory allocated: 930000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Memory allocated: 2320000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Memory allocated: 4320000 memory reserve \| memory write watch

Contains functionality to enumerate running services

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,

15_2_0041A748

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599546	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599218	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598890	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598671	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598562	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598453	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598343	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598234	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598125	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598015	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597904	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597796	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597685	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597574	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597468	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597359	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597249	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597140	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597031	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596921	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596812	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596703	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596593	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596484	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596374	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596261	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596156	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596046	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595937	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595828	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595718	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595609	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595500	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595380	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595250	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595140	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595029	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 594922	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 594797	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 594685	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 594577	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599438	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599313	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599187	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599078	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598969	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598844	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598731	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598625	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598515	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598406	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598297	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598177	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598047	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597937	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597794	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597688	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597563	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597438	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597299	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597172	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597063	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596938	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596828	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596719	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596594	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596484	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596375	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596266	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596156	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596045	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595938	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595782	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595656	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595547	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595438	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595328	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595109	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595000	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594891	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594781	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594672	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594563	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594438	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594313	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599436	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599314	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599199	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599094	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598864	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598750	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598640	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598531	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598422	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598312	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598203	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598093	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597874	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597547	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597219	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597091	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596984	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596874	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596756	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596635	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596422	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596202	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596081	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595968	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595859	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595750	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595641	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595516	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595406	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595297	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595187	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594859	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594749	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594640	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594531	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599875
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599516
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599297
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598828
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598719
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598483
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598373
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598266
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598157
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598032
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597907
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597782
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597672
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597563
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597438
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597313
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596951
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596844
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596719
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596610
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596357
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596250
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596141
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596027
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595919
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595688
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595578
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595469
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595344
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595235
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594985
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594860
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594735
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594610
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594485
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599875
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599412
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599169
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599062
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598953
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598844
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598730
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598625
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598515
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598297
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597772
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597672
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597547
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597438
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597313
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597201
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597094
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596969
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596859
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596750
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596640
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596393
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596172
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596061
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595952
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595844
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595719
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595609
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595498
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595391
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595172
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594828
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594719
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594375
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599891
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599657
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599532
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599407
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599292
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598688
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598579
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598454
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598329
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598204
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598066
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597929
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597699
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597485
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597235
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596976
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596868
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596750
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596516
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596297
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595829
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595704
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595579
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595454
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595328
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595219
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595094
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594970
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594844
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594734
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594625
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599891
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599532
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599399
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599282
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599172
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598688
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598563
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598438
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598326
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598219
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597985
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597860
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597735
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597610
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597485
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597236
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596985
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596860
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596735
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596610
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596485
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596235
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595985
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595868
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595750
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595516
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595391
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595172
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594703
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594469
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594235
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599874
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599762
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599640
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599422
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599312
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599203
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599094
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598969
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598859
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598750
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598640
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598421
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598309
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598187
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598078
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597969
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597856
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597739
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597599
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597482
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597359
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597249
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597140
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596922
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596804
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596702
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596581
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596467
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596357
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596248
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596125
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596015
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595905
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595796
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595687
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595577
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595453
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595343
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595179
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595077
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594968
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594858
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594734
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599875
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599422
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599313
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598952
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598812
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598698
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598469
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598359
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598250
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598141
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597921
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597812
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597703
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597375
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597255
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597141
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596922
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596812
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596703
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596589
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596372
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596262
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596156
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596047
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595922
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595812
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595703
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595469
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595359
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595250
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595141
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594922
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594688
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594563
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594453
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599756
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599639
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599522
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599296
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599187
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599078
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598968
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598859
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598744
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598625
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598515
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598296
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598185
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598062
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597953
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597843
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597732
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597623
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597515
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597390
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597171
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597062
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596953
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596843
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596734
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596624
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596515
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596296
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596185
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596062
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595953
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595833
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595718
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595593
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595374
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595250
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595140
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 594921

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Window / User API: threadDelayed 7639	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Window / User API: threadDelayed 2109	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Window / User API: threadDelayed 3489	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Window / User API: threadDelayed 6505	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Window / User API: threadDelayed 2207	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Window / User API: threadDelayed 7560	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Window / User API: threadDelayed 1713	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Window / User API: threadDelayed 8136	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Window / User API: threadDelayed 7566
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Window / User API: threadDelayed 1987
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Window / User API: threadDelayed 8011
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Window / User API: threadDelayed 1830
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Window / User API: threadDelayed 880
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Window / User API: threadDelayed 8075
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Window / User API: threadDelayed 8720
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Window / User API: threadDelayed 1106
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Window / User API: threadDelayed 4029
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Window / User API: threadDelayed 5036
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Window / User API: threadDelayed 6225
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Window / User API: threadDelayed 3530
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Window / User API: threadDelayed 6362
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Window / User API: threadDelayed 3290
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Window / User API: threadDelayed 5627
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Window / User API: threadDelayed 2878
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Window / User API: threadDelayed 5843
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Window / User API: threadDelayed 3467

Found large amount of non-executed APIs

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

API coverage: 6.1 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -27670116110564310s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 7096	Thread sleep count: 7639 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 7096	Thread sleep count: 2109 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -599765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -599656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -599546s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -599437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -599328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -599218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -599109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -599000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -598890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -598781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -598671s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -598562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -598453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -598343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -598234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -598125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -598015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -597904s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -597796s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -597685s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -597574s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -597468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -597359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -597249s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -597140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -597031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -596921s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -596812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -596703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -596593s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -596484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -596374s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -596261s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -596156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -596046s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -595937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -595828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -595718s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -595609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -595500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -595380s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -595250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -595140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -595029s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -594922s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -594797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -594685s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 4832	Thread sleep time: -594577s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 320	Thread sleep count: 3489 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 320	Thread sleep time: -10467000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 320	Thread sleep count: 6505 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe TID: 320	Thread sleep time: -19515000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep count: 32 > 30	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -29514790517935264s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5548	Thread sleep count: 2207 > 30	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -599891s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5548	Thread sleep count: 7560 > 30	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -599766s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -599656s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -599547s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -599438s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -599313s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -599187s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -599078s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -598969s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -598844s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -598731s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -598625s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -598515s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -598406s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -598297s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -598177s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -598047s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -597937s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -597794s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -597688s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -597563s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -597438s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -597299s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -597172s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -597063s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -596938s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -596828s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -596719s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -596594s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -596484s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -596375s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -596266s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -596156s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -596045s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -595938s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -595782s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -595656s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -595547s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -595438s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -595328s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -595219s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -595109s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -595000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -594891s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -594781s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -594672s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -594563s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -594438s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 5880	Thread sleep time: -594313s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep count: 32 > 30	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -29514790517935264s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 4668	Thread sleep count: 1713 > 30	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 4668	Thread sleep count: 8136 > 30	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -599765s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -599656s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -599547s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -599436s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -599314s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -599199s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -599094s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -598984s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -598864s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -598750s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -598640s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -598531s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -598422s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -598312s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -598203s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -598093s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -597984s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -597874s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -597765s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -597656s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -597547s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -597437s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -597328s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -597219s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -597091s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -596984s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -596874s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -596756s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -596635s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -596531s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -596422s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -596312s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -596202s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -596081s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -595968s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -595859s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -595750s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -595641s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -595516s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -595406s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -595297s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -595187s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -595078s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -594969s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -594859s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -594749s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -594640s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif TID: 2820	Thread sleep time: -594531s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -599875s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 5136	Thread sleep count: 7566 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 5136	Thread sleep count: 1987 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -599641s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -599516s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -599406s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -599297s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -599188s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -599063s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -598938s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -598828s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -598719s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -598594s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -598483s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -598373s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -598266s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -598157s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -598032s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -597907s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -597782s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -597672s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -597563s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -597438s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -597313s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -597188s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -597063s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -596951s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -596844s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -596719s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -596610s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -596484s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -596357s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -596250s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -596141s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -596027s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -595919s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -595813s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -595688s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -595578s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -595469s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -595344s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -595235s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -595110s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -594985s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -594860s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -594735s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -594610s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -594485s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 6508	Thread sleep time: -594360s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3692	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 5572	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep count: 38 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -35048813740048126s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -599875s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 4280	Thread sleep count: 8011 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 4280	Thread sleep count: 1830 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -599641s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -599531s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -599412s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -599281s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -599169s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -599062s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -598953s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -598844s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -598730s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -598625s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -598515s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -598406s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -598297s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -598188s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -598063s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -597938s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -597772s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -597672s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -597547s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -597438s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -597313s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -597201s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -597094s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -596969s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -596859s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -596750s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -596640s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -596531s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -596393s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -596281s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -596172s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -596061s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -595952s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -595844s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -595719s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -595609s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -595498s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -595391s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -595281s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -595172s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -595063s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -594938s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -594828s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -594719s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -594594s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -594484s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif TID: 3868	Thread sleep time: -594375s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep count: 31 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -28592453314249787s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 3692	Thread sleep count: 880 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -599891s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 3692	Thread sleep count: 8075 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -599657s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -599532s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -599407s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -599292s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -599188s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -599063s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -598938s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -598813s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -598688s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -598579s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -598454s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -598329s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -598204s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -598066s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -597929s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -597813s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -597699s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -597594s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -597485s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -597360s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -597235s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -597110s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -596976s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -596868s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -596750s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -596641s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -596516s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -596406s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -596297s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -596188s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -596063s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -595938s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -595829s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -595704s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -595579s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -595454s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -595328s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -595219s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -595094s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -594970s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -594844s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -594734s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 7116	Thread sleep time: -594625s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 6308	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 2292	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep count: 32 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -29514790517935264s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -599891s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4304	Thread sleep count: 8720 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4304	Thread sleep count: 1106 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -599641s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -599532s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -599399s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -599282s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -599172s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -599063s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -598938s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -598813s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -598688s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -598563s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -598438s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -598326s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -598219s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -598110s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -597985s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -597860s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -597735s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -597610s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -597485s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -597360s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -597236s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -597110s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -596985s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -596860s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -596735s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -596610s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -596485s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -596360s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -596235s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -596110s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -595985s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -595868s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -595750s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -595641s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -595516s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -595391s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -595281s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -595172s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -595063s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -594938s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -594813s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -594703s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -594594s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -594469s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -594360s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -594235s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif TID: 4836	Thread sleep time: -594110s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep count: 36 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -33204139332677172s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 6120	Thread sleep count: 4029 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -599874s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 6120	Thread sleep count: 5036 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -599762s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -599640s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -599531s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -599422s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -599312s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -599203s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -599094s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -598969s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -598859s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -598750s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -598640s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -598531s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -598421s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -598309s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -598187s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -598078s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -597969s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -597856s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -597739s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -597599s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -597482s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -597359s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -597249s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -597140s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -597031s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -596922s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -596804s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -596702s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -596581s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -596467s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -596357s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -596248s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -596125s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -596015s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -595905s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -595796s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -595687s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -595577s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -595453s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -595343s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -595179s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -595077s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -594968s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -594858s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1848	Thread sleep time: -594734s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 2212	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 1492	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep count: 34 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -31359464925306218s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 6516	Thread sleep count: 6225 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -599875s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 6516	Thread sleep count: 3530 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -599641s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -599531s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -599422s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -599313s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -599188s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -599063s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -598952s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -598812s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -598698s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -598594s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -598469s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -598359s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -598250s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -598141s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -598031s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -597921s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -597812s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -597703s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -597594s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -597484s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -597375s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -597255s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -597141s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -597031s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -596922s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -596812s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -596703s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -596589s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -596484s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -596372s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -596262s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -596156s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -596047s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -595922s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -595812s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -595703s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -595594s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -595469s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -595359s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -595250s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -595141s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -595031s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -594922s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -594813s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -594688s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -594563s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif TID: 3528	Thread sleep time: -594453s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep count: 32 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -29514790517935264s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6628	Thread sleep count: 6362 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -599756s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6628	Thread sleep count: 3290 > 30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -599639s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -599522s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -599406s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -599296s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -599187s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -599078s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -598968s >= -30000s
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif TID: 6400	Thread sleep time: -598859s >= -30000s

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00409253 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,	15_2_00409253
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0041C291 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,	15_2_0041C291
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040C34D FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,	15_2_0040C34D
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00409665 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,	15_2_00409665
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0044E879 FindFirstFileExA,	15_2_0044E879
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040880C __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,	15_2_0040880C
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040783C FindFirstFileW,FindNextFileW,	15_2_0040783C
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00419AF5 FindFirstFileW,FindNextFileW,FindNextFileW,	15_2_00419AF5
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040BB30 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,	15_2_0040BB30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0040BD37 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,	15_2_0040BD37

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_00407C97 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,

15_2_00407C97

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599546	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599218	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598890	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598671	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598562	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598453	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598343	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598234	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598125	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 598015	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597904	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597796	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597685	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597574	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597468	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597359	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597249	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597140	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 597031	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596921	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596812	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596703	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596593	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596484	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596374	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596261	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596156	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 596046	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595937	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595828	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595718	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595609	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595500	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595380	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595250	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595140	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 595029	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 594922	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 594797	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 594685	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Thread delayed: delay time: 594577	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599438	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599313	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599187	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599078	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598969	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598844	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598731	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598625	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598515	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598406	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598297	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598177	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598047	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597937	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597794	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597688	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597563	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597438	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597299	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597172	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597063	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596938	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596828	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596719	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596594	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596484	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596375	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596266	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596156	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596045	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595938	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595782	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595656	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595547	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595438	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595328	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595109	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595000	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594891	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594781	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594672	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594563	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594438	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594313	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599436	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599314	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599199	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 599094	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598864	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598750	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598640	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598531	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598422	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598312	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598203	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 598093	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597874	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597547	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597219	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 597091	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596984	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596874	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596756	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596635	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596422	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596202	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 596081	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595968	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595859	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595750	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595641	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595516	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595406	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595297	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595187	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594859	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594749	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594640	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Thread delayed: delay time: 594531	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599875
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599516
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599297
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598828
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598719
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598483
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598373
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598266
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598157
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598032
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597907
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597782
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597672
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597563
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597438
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597313
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596951
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596844
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596719
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596610
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596357
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596250
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596141
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596027
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595919
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595688
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595578
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595469
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595344
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595235
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594985
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594860
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594735
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594610
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594485
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599875
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599412
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599169
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 599062
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598953
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598844
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598730
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598625
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598515
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598297
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 598063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597772
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597672
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597547
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597438
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597313
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597201
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 597094
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596969
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596859
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596750
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596640
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596393
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596172
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 596061
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595952
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595844
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595719
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595609
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595498
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595391
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595172
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 595063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594828
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594719
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Thread delayed: delay time: 594375
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599891
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599657
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599532
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599407
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599292
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598688
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598579
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598454
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598329
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598204
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598066
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597929
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597699
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597485
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597235
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596976
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596868
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596750
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596516
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596297
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595829
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595704
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595579
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595454
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595328
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595219
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595094
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594970
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594844
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594734
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594625
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599891
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599532
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599399
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599282
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599172
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 599063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598688
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598563
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598438
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598326
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598219
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 598110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597985
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597860
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597735
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597610
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597485
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597236
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 597110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596985
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596860
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596735
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596610
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596485
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596235
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 596110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595985
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595868
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595750
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595516
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595391
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595172
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 595063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594938
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594703
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594469
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594360
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594235
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Thread delayed: delay time: 594110
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599874
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599762
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599640
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599422
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599312
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599203
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599094
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598969
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598859
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598750
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598640
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598421
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598309
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598187
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598078
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597969
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597856
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597739
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597599
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597482
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597359
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597249
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597140
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596922
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596804
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596702
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596581
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596467
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596357
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596248
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596125
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596015
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595905
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595796
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595687
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595577
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595453
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595343
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595179
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595077
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594968
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594858
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594734
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599875
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599766
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599641
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599531
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599422
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599313
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599188
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 599063
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598952
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598812
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598698
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598469
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598359
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598250
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598141
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 598031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597921
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597812
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597703
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597375
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597255
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597141
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 597031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596922
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596812
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596703
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596589
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596372
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596262
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596156
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 596047
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595922
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595812
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595703
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595594
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595469
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595359
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595250
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595141
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 595031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594922
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594813
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594688
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594563
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Thread delayed: delay time: 594453
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 600000
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599756
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599639
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599522
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599296
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599187
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 599078
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598968
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598859
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598744
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598625
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598515
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598296
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598185
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 598062
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597953
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597843
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597732
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597623
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597515
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597390
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597281
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597171
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 597062
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596953
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596843
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596734
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596624
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596515
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596406
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596296
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596185
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 596062
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595953
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595833
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595718
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595593
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595484
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595374
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595250
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595140
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 595031
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Thread delayed: delay time: 594921

Source: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 0000003E.00000002.2880006979.0000000000A03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll`i
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif, 00000053.00000002.3123668867.000000000070E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllw
Source: Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2366146456.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJ
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif, 0000002F.00000002.2671030528.00000000013C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
Source: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 0000004B.00000002.3042167260.00000000014D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2075972755.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.exe, 00000007.00000002.4456081640.0000000001048000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2206222319.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2500757781.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2580662213.00000000011F2000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 00000037.00000002.2742656172.00000000014B2000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 00000045.00000002.2974006314.0000000000E12000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2296296269.00000000014B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_004349F9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

15_2_004349F9

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

15_2_0041CB50

Contains functionality to read the PEB

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_004432B5 mov eax, dword ptr fs:[00000030h]

15_2_004432B5

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_00412077 GetProcessHeap,HeapFree,

15_2_00412077

Enables debug privileges

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_004349F9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_004349F9
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00434B47 SetUnhandledExceptionFilter,	15_2_00434B47
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_0043BB22 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_0043BB22
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: 15_2_00434FDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_00434FDC

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Memory written: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Memory written: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif base: 400000 value starts with: 4D5A

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: GetCurrentProcessId,OpenMutexA,CloseHandle,CreateThread,CloseHandle,Sleep,OpenProcess, svchost.exe

15_2_004120F7

Contains functionality to simulate mouse events

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_00419627 mouse_event,

15_2_00419627

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Process created: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe "C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Process created: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Process created: unknown unknown
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_00434C52 cpuid

15_2_00434C52

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: EnumSystemLocalesW,	15_2_00452036
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	15_2_004520C3
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: GetLocaleInfoW,	15_2_00452313
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: EnumSystemLocalesW,	15_2_00448404
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	15_2_0045243C
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: GetLocaleInfoW,	15_2_00452543
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	15_2_00452610
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: GetLocaleInfoA,	15_2_0040F8D1
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: GetLocaleInfoW,	15_2_004488ED
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	15_2_00451CD8
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: EnumSystemLocalesW,	15_2_00451F50
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: EnumSystemLocalesW,	15_2_00451F9B

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Queries volume information: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Queries volume information: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0040B164 GetLocalTime,wsprintfW,

15_2_0040B164

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_0041B60D GetUserNameW,

15_2_0041B60D

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: 15_2_00449190 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

15_2_00449190

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

AV process strings found (often used to terminate AV products)

Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2076541009.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2207586145.00000000029C5000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2370147215.0000000002979000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.0000000002A1E000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.00000000027D0000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2584158243.00000000031F4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $]q(C:\Program Files\AVG\Antivirus\AVGUI.exe
Source: Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2383026813.00000000060F7000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 00000045.00000002.3009783321.0000000006594000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 0000004B.00000002.3077913357.0000000006B29000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Program Files\AVG\Antivirus\AVGUI.exe
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2076541009.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2207586145.00000000029C5000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2370147215.0000000002979000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.0000000002A1E000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.00000000027D0000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2584158243.00000000031F4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $]q.exe.IUGVA\surivitnA\GVA\)68x( seliF margorP\:C`,]q.C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2079343991.000000000635A000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2214033577.000000000609F000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2311754113.0000000006C10000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2383026813.00000000060F7000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2522036992.0000000005F29000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2606393692.00000000065FE000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif, 00000037.00000002.2777069119.0000000006A6E000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif, 0000004B.00000002.3077913357.0000000006B5C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2075972755.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2214033577.00000000060F2000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2206222319.0000000000C0B000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2311754113.0000000006BD0000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2296296269.00000000014B5000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2383605240.000000000613B000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2366146456.0000000000A91000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2500757781.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2580662213.00000000011F2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2076541009.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2207586145.00000000029C5000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2370147215.0000000002979000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.0000000002A1E000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.00000000027D0000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2584158243.00000000031F4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $]q.C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
Source: Order_YK240612-01D(estimate).scr.exe, 00000000.00000002.2076541009.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000008.00000002.2207586145.00000000029C5000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif, 00000010.00000002.2301206289.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000016.00000002.2370147215.0000000002979000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.0000000002A1E000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif, 00000020.00000002.2503073033.00000000027D0000.00000004.00000800.00020000.00000000.sdmp, Order_YK240612-01D(estimate).scr.pif.pif.pif, 00000028.00000002.2584158243.00000000031F4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $]q.exe.IUGVA\surivitnA\GVA\)68x( seliF margorP\:C`,]q(C:\Program Files\AVG\Antivirus\AVGUI.exe

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\reg.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Remcos RAT

Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d6fbf0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d8fc10.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3c595b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000044.00000002.2879684791.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000052.00000002.3042487527.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2500174837.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2379026350.00000000038A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004B.00000002.3071288970.0000000004311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2296469173.0000000000F57000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2906472397.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000053.00000002.3156634655.0000000003381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2600838241.0000000003F35000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2692527886.0000000004084000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003E4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2205857904.0000000001338000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2670350624.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000045.00000002.3001787354.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2516986060.0000000003727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2579241360.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003D.00000002.2742432457.0000000000C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004C.00000002.2974781388.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2212446199.0000000003979000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2308453893.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4456081640.0000000001048000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2365812431.0000000001087000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2770757236.0000000004234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 1972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 7100, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 6360, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 5788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 1628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 5480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 6500, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 5380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 3948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 5624, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 2468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 1788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 6480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 3448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif PID: 356, type: MEMORYSTR

Contains functionality to steal Chrome passwords or cookies

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: \AppData\Local\Google\Chrome\User Data\Default\Login Data

15_2_0040BA12

Contains functionality to steal Firefox passwords or cookies

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: \AppData\Roaming\Mozilla\Firefox\Profiles\		15_2_0040BB30
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Code function: \key3.db		15_2_0040BB30

Remote Access Functionality

Detected Remcos RAT

Source: C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX	Jump to behavior
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX
Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-5FAVAX

Yara detected Remcos RAT

Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.Order_YK240612-01D(estimate).scr.pif.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3e4fc50.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d6fbf0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3d8fc10.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order_YK240612-01D(estimate).scr.exe.3c595b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000044.00000002.2879684791.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000052.00000002.3042487527.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2500174837.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2379026350.00000000038A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004B.00000002.3071288970.0000000004311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2296469173.0000000000F57000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2906472397.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000053.00000002.3156634655.0000000003381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2205364642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2600838241.0000000003F35000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2692527886.0000000004084000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003E4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2205857904.0000000001338000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2670350624.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2077491922.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000045.00000002.3001787354.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2516986060.0000000003727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2579241360.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003D.00000002.2742432457.0000000000C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004C.00000002.2974781388.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2212446199.0000000003979000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2308453893.00000000042E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4456081640.0000000001048000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2365812431.0000000001087000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2770757236.0000000004234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.exe PID: 1972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 7100, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 6360, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 5788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif PID: 1628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 5480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif PID: 6500, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 5380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 4444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif PID: 3948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 5624, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 2468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 1788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif PID: 6480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 3448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif PID: 6828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif PID: 356, type: MEMORYSTR

Contains functionality to launch a control a shell (cmd.exe)

Source: C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif

Code function: cmd.exe

15_2_0040569A

Windows Analysis Report
Order_YK240612-01D(estimate).scr.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Cryptography

Exploits

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Windows Analysis Report Order_YK240612-01D(estimate).scr.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Cryptography

Exploits

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Windows Analysis Report
Order_YK240612-01D(estimate).scr.exe

Malware Threat Intel
Provided by