Edit tour

Windows Analysis Report
Purchase Order Purchase Order Purchase Order Purchase Order.exe

Overview

General Information

Sample name:	Purchase Order Purchase Order Purchase Order Purchase Order.exe
Analysis ID:	1557894
MD5:	b9a03fb0c2c7f23a1e4ccb0d79c5053c
SHA1:	4d87c4ed89d8b92f2b6849dc6af6a8850f8e5e7c
SHA256:	099369eb025c3e23b6669c872ac2572e7bc4ba9200eb4d6318284983ddb78e3f
Tags:	exeGuLoaderuser-abuse_ch
Infos:

Detection

FormBook, GuLoader

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Yara detected FormBook

Yara detected GuLoader

AI detected suspicious sample

Initial sample is a PE file and has a suspicious name

Switches to a custom stack to bypass stack traces

Tries to detect virtualization through RDTSC time measurements

Abnormal high CPU Usage

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates processes with suspicious names

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Purchase Order Purchase Order Purchase Order Purchase Order.exe (PID: 6904 cmdline: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe" MD5: B9A03FB0C2C7F23A1E4CCB0D79C5053C)

Purchase Order Purchase Order Purchase Order Purchase Order.exe (PID: 7800 cmdline: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe" MD5: B9A03FB0C2C7F23A1E4CCB0D79C5053C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.1914988033.0000000003FC1000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-18T18:19:35.134009+0100	2803270	2	Potentially Bad Traffic	192.168.2.7	53200	185.222.57.90	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://185.222.57.90/zFSrvbrRquo53.bin

Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe

ReversingLabs: Detection: 27%

Yara detected FormBook

Source: Yara match

File source: 0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp
Source:	Binary string: wntdll.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.000000003448D000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.000000003463C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.000000003448D000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.000000003463C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,	5_2_004059CC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_004065FD FindFirstFileW,FindClose,	5_2_004065FD
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_00402868 FindFirstFileW,	5_2_00402868

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts	Jump to behavior

Source: Network traffic

Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53200 -> 185.222.57.90:80

Source: global traffic

HTTP traffic detected: GET /zFSrvbrRquo53.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: 185.222.57.90Cache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90
Source: unknown	TCP traffic detected without corresponding DNS query: 185.222.57.90

Source: global traffic

HTTP traffic detected: GET /zFSrvbrRquo53.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: 185.222.57.90Cache-Control: no-cache

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.222.57.90/
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689244390.0000000033CC0000.00000004.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.00000000046C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.bin
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.bin55
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.00000000046C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.binj
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.00000000005F2000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.00000000005F2000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Code function: 5_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,LdrInitializeThunk,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,LdrInitializeThunk,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

5_2_00405461

E-Banking Fraud

Yara detected FormBook

Source: Yara match

File source: 0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

System Summary

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Purchase Order Purchase Order Purchase Order Purchase Order.exe

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348635C0 NtCreateMutant,LdrInitializeThunk,	11_2_348635C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862C70 NtFreeVirtualMemory,LdrInitializeThunk,	11_2_34862C70
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862DF0 NtQuerySystemInformation,LdrInitializeThunk,	11_2_34862DF0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862B60 NtClose,LdrInitializeThunk,	11_2_34862B60
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34863090 NtSetValueKey,	11_2_34863090
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34863010 NtOpenDirectoryObject,	11_2_34863010
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34863D10 NtOpenProcessToken,	11_2_34863D10
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34863D70 NtOpenThread,	11_2_34863D70
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348639B0 NtGetContextThread,	11_2_348639B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34864650 NtSuspendThread,	11_2_34864650
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34864340 NtSetContextThread,	11_2_34864340
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862CA0 NtQueryInformationToken,	11_2_34862CA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862CC0 NtQueryVirtualMemory,	11_2_34862CC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862CF0 NtOpenProcess,	11_2_34862CF0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862C00 NtQueryInformationProcess,	11_2_34862C00
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862C60 NtCreateKey,	11_2_34862C60
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862DB0 NtEnumerateKey,	11_2_34862DB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862DD0 NtDelayExecution,	11_2_34862DD0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862D00 NtSetInformationFile,	11_2_34862D00
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862D10 NtMapViewOfSection,	11_2_34862D10
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862D30 NtUnmapViewOfSection,	11_2_34862D30
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862E80 NtReadVirtualMemory,	11_2_34862E80
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862EA0 NtAdjustPrivilegesToken,	11_2_34862EA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862EE0 NtQueueApcThread,	11_2_34862EE0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862E30 NtWriteVirtualMemory,	11_2_34862E30
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862F90 NtProtectVirtualMemory,	11_2_34862F90
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862FA0 NtQuerySection,	11_2_34862FA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862FB0 NtResumeThread,	11_2_34862FB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862FE0 NtCreateFile,	11_2_34862FE0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862F30 NtCreateSection,	11_2_34862F30
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862F60 NtCreateProcessEx,	11_2_34862F60
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862AB0 NtWaitForSingleObject,	11_2_34862AB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862AD0 NtReadFile,	11_2_34862AD0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862AF0 NtWriteFile,	11_2_34862AF0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862B80 NtQueryInformationFile,	11_2_34862B80
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862BA0 NtEnumerateValueKey,	11_2_34862BA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862BE0 NtQueryValueKey,	11_2_34862BE0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34862BF0 NtAllocateVirtualMemory,	11_2_34862BF0

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Code function: 5_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,

5_2_0040338F

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

File created: C:\Windows\Fonts\Gullis.lnk

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_00404C9E	5_2_00404C9E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_00406B15	5_2_00406B15
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_004072EC	5_2_004072EC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_73CF1B63	5_2_73CF1B63
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EF43F	11_2_348EF43F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821460	11_2_34821460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CD5B0	11_2_348CD5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E7571	11_2_348E7571
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E16CC	11_2_348E16CC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EF7B0	11_2_348EF7B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348217EC	11_2_348217EC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483B730	11_2_3483B730
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DF0CC	11_2_348DF0CC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E70E9	11_2_348E70E9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EF0E0	11_2_348EF0E0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483B1B0	11_2_3483B1B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3486516C	11_2_3486516C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348352A0	11_2_348352A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484D2F0	11_2_3484D2F0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E132D	11_2_348E132D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481D34C	11_2_3481D34C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EFCF2	11_2_348EFCF2
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34849C20	11_2_34849C20
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E1D5A	11_2_348E1D5A
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E7D73	11_2_348E7D73
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34839EB0	11_2_34839EB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831F92	11_2_34831F92
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EFFB1	11_2_348EFFB1
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EFF09	11_2_348EFF09
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348338E0	11_2_348338E0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3489D800	11_2_3489D800
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C5910	11_2_348C5910
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484B950	11_2_3484B950
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CDAAC	11_2_348CDAAC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34875AA0	11_2_34875AA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D1AA3	11_2_348D1AA3
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DDAC6	11_2_348DDAC6
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E7A46	11_2_348E7A46
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A3A6C	11_2_348A3A6C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A5BF0	11_2_348A5BF0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3486DBF9	11_2_3486DBF9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EFB76	11_2_348EFB76
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D4420	11_2_348D4420
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E2446	11_2_348E2446
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F0591	11_2_348F0591
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34830535	11_2_34830535
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484C6E0	11_2_3484C6E0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482C7C0	11_2_3482C7C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34854750	11_2_34854750
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34830770	11_2_34830770
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C2000	11_2_348C2000
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F21AE	11_2_348F21AE
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F01AA	11_2_348F01AA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E81CC	11_2_348E81CC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34820100	11_2_34820100
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CA118	11_2_348CA118
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348B8158	11_2_348B8158
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348B02C0	11_2_348B02C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D0274	11_2_348D0274
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F03E6	11_2_348F03E6
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483E3F0	11_2_3483E3F0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EA352	11_2_348EA352
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D0CB5	11_2_348D0CB5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34820CF2	11_2_34820CF2
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34830C00	11_2_34830C00
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483EC60	11_2_3483EC60
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34848DBF	11_2_34848DBF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483AD00	11_2_3483AD00
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CCD1F	11_2_348CCD1F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34842E90	11_2_34842E90
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ECE93	11_2_348ECE93
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EEEDB	11_2_348EEEDB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EEE26	11_2_348EEE26
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34830E59	11_2_34830E59
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AEFA0	11_2_348AEFA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34822FC8	11_2_34822FC8
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483CFE0	11_2_3483CFE0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34872F28	11_2_34872F28
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34850F30	11_2_34850F30
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D2F30	11_2_348D2F30
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A4F40	11_2_348A4F40
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348168B8	11_2_348168B8
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485E8F0	11_2_3485E8F0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483A840	11_2_3483A840
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34832840	11_2_34832840
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348329A0	11_2_348329A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34846962	11_2_34846962
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482EA80	11_2_3482EA80
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EEB89	11_2_348EEB89
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E6BD7	11_2_348E6BD7
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EAB40	11_2_348EAB40

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: String function: 348AF290 appears 102 times
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: String function: 3481B970 appears 244 times
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: String function: 34877E54 appears 94 times
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: String function: 3489EA12 appears 70 times
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: String function: 34865130 appears 56 times

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.0000000034AC1000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.00000000345B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.0000000034769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal88.troj.evad.winEXE@3/8@0/1

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

5_2_0040338F

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Code function: 5_2_00404722 GetDlgItem,SetWindowTextW,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,LdrInitializeThunk,MulDiv,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,SetDlgItemTextW,

5_2_00404722

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Code function: 5_2_00402104 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,LdrInitializeThunk,

5_2_00402104

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

File created: C:\Users\user~1\AppData\Local\Temp\nsk58B4.tmp

Jump to behavior

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe

ReversingLabs: Detection: 27%

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

File read: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Section loaded: srvcli.dll	Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Gullis.lnk.5.dr

LNK file: ..\..\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\lensaftalerne.sla

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp
Source:	Binary string: wntdll.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.000000003448D000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.000000003463C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.000000003448D000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.000000003463C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000005.00000002.1914988033.0000000003FC1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Code function: 5_2_73CF1B63 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW,

5_2_73CF1B63

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_73CF2FD0 push eax; ret		5_2_73CF2FFE
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348209AD push ecx; mov dword ptr [esp], ecx		11_2_348209B6

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: \purchase order purchase order purchase order purchase order.exe
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: \purchase order purchase order purchase order purchase order.exe			Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

File created: C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Vedbendens	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Vedbendens\Hoveddelenes.haa	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Clap	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Clap\Exoascaceous73.tra	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Atomizing.Eft	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Underemphasizing70.tio	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\sulkens.dic	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes\vec.jpg	Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	API/Special instruction interceptor: Address: 477F6B9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	API/Special instruction interceptor: Address: 334F6B9

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	RDTSC instruction interceptor: First address: 4743B9E second address: 4743B9E instructions: 0x00000000 rdtsc 0x00000002 test ah, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FC4758BE106h 0x00000008 inc ebp 0x00000009 test dh, dh 0x0000000b inc ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	RDTSC instruction interceptor: First address: 3313B9E second address: 3313B9E instructions: 0x00000000 rdtsc 0x00000002 test ah, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FC474D025D6h 0x00000008 inc ebp 0x00000009 test dh, dh 0x0000000b inc ebx 0x0000000c rdtsc

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Code function: 11_2_3489D1C0 rdtsc

11_2_3489D1C0

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

API coverage: 0.3 %

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,	5_2_004059CC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_004065FD FindFirstFileW,FindClose,	5_2_004065FD
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 5_2_00402868 FindFirstFileW,	5_2_00402868

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts	Jump to behavior

Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668967160.00000000046DD000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322679652.00000000046DD000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	API call chain: ExitProcess graph end node			graph_5-4362
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	API call chain: ExitProcess graph end node			graph_5-4366

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Code function: 11_2_3489D1C0 rdtsc

11_2_3489D1C0

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Code function: 5_2_0040264A MultiByteToWideChar,ReadFile,LdrInitializeThunk,MultiByteToWideChar,SetFilePointer,LdrInitializeThunk,MultiByteToWideChar,SetFilePointer,

5_2_0040264A

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

5_2_73CF1B63

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34829486 mov eax, dword ptr fs:[00000030h]	11_2_34829486
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34829486 mov eax, dword ptr fs:[00000030h]	11_2_34829486
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348174B0 mov eax, dword ptr fs:[00000030h]	11_2_348174B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348174B0 mov eax, dword ptr fs:[00000030h]	11_2_348174B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348534B0 mov eax, dword ptr fs:[00000030h]	11_2_348534B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F54DB mov eax, dword ptr fs:[00000030h]	11_2_348F54DB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C94E0 mov eax, dword ptr fs:[00000030h]	11_2_348C94E0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484340D mov eax, dword ptr fs:[00000030h]	11_2_3484340D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A7410 mov eax, dword ptr fs:[00000030h]	11_2_348A7410
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CB450 mov eax, dword ptr fs:[00000030h]	11_2_348CB450
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CB450 mov eax, dword ptr fs:[00000030h]	11_2_348CB450
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CB450 mov eax, dword ptr fs:[00000030h]	11_2_348CB450
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CB450 mov eax, dword ptr fs:[00000030h]	11_2_348CB450
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DF453 mov eax, dword ptr fs:[00000030h]	11_2_348DF453
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821460 mov eax, dword ptr fs:[00000030h]	11_2_34821460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821460 mov eax, dword ptr fs:[00000030h]	11_2_34821460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821460 mov eax, dword ptr fs:[00000030h]	11_2_34821460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821460 mov eax, dword ptr fs:[00000030h]	11_2_34821460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821460 mov eax, dword ptr fs:[00000030h]	11_2_34821460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483F460 mov eax, dword ptr fs:[00000030h]	11_2_3483F460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483F460 mov eax, dword ptr fs:[00000030h]	11_2_3483F460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483F460 mov eax, dword ptr fs:[00000030h]	11_2_3483F460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483F460 mov eax, dword ptr fs:[00000030h]	11_2_3483F460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483F460 mov eax, dword ptr fs:[00000030h]	11_2_3483F460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483F460 mov eax, dword ptr fs:[00000030h]	11_2_3483F460
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F547F mov eax, dword ptr fs:[00000030h]	11_2_348F547F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481758F mov eax, dword ptr fs:[00000030h]	11_2_3481758F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481758F mov eax, dword ptr fs:[00000030h]	11_2_3481758F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481758F mov eax, dword ptr fs:[00000030h]	11_2_3481758F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AB594 mov eax, dword ptr fs:[00000030h]	11_2_348AB594
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AB594 mov eax, dword ptr fs:[00000030h]	11_2_348AB594
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415A9 mov eax, dword ptr fs:[00000030h]	11_2_348415A9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415A9 mov eax, dword ptr fs:[00000030h]	11_2_348415A9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415A9 mov eax, dword ptr fs:[00000030h]	11_2_348415A9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415A9 mov eax, dword ptr fs:[00000030h]	11_2_348415A9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415A9 mov eax, dword ptr fs:[00000030h]	11_2_348415A9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348B35BA mov eax, dword ptr fs:[00000030h]	11_2_348B35BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348B35BA mov eax, dword ptr fs:[00000030h]	11_2_348B35BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348B35BA mov eax, dword ptr fs:[00000030h]	11_2_348B35BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348B35BA mov eax, dword ptr fs:[00000030h]	11_2_348B35BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DF5BE mov eax, dword ptr fs:[00000030h]	11_2_348DF5BE
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]	11_2_3484F5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]	11_2_3484F5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]	11_2_3484F5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]	11_2_3484F5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]	11_2_3484F5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]	11_2_3484F5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]	11_2_3484F5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]	11_2_3484F5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]	11_2_3484F5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348BD5B0 mov eax, dword ptr fs:[00000030h]	11_2_348BD5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348BD5B0 mov eax, dword ptr fs:[00000030h]	11_2_348BD5B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348555C0 mov eax, dword ptr fs:[00000030h]	11_2_348555C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F55C9 mov eax, dword ptr fs:[00000030h]	11_2_348F55C9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F35D7 mov eax, dword ptr fs:[00000030h]	11_2_348F35D7
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F35D7 mov eax, dword ptr fs:[00000030h]	11_2_348F35D7
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F35D7 mov eax, dword ptr fs:[00000030h]	11_2_348F35D7
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3489D5D0 mov eax, dword ptr fs:[00000030h]	11_2_3489D5D0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3489D5D0 mov ecx, dword ptr fs:[00000030h]	11_2_3489D5D0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348495DA mov eax, dword ptr fs:[00000030h]	11_2_348495DA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]	11_2_348415F4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]	11_2_348415F4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]	11_2_348415F4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]	11_2_348415F4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]	11_2_348415F4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]	11_2_348415F4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34857505 mov eax, dword ptr fs:[00000030h]	11_2_34857505
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34857505 mov ecx, dword ptr fs:[00000030h]	11_2_34857505
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DB52F mov eax, dword ptr fs:[00000030h]	11_2_348DB52F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485D530 mov eax, dword ptr fs:[00000030h]	11_2_3485D530
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485D530 mov eax, dword ptr fs:[00000030h]	11_2_3485D530
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]	11_2_3482D534
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]	11_2_3482D534
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]	11_2_3482D534
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]	11_2_3482D534
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]	11_2_3482D534
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]	11_2_3482D534
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F5537 mov eax, dword ptr fs:[00000030h]	11_2_348F5537
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CB550 mov eax, dword ptr fs:[00000030h]	11_2_348CB550
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CB550 mov eax, dword ptr fs:[00000030h]	11_2_348CB550
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CB550 mov eax, dword ptr fs:[00000030h]	11_2_348CB550
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485B570 mov eax, dword ptr fs:[00000030h]	11_2_3485B570
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485B570 mov eax, dword ptr fs:[00000030h]	11_2_3485B570
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481D6AA mov eax, dword ptr fs:[00000030h]	11_2_3481D6AA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481D6AA mov eax, dword ptr fs:[00000030h]	11_2_3481D6AA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348176B2 mov eax, dword ptr fs:[00000030h]	11_2_348176B2
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348176B2 mov eax, dword ptr fs:[00000030h]	11_2_348176B2
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348176B2 mov eax, dword ptr fs:[00000030h]	11_2_348176B2
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]	11_2_3482B6C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]	11_2_3482B6C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]	11_2_3482B6C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]	11_2_3482B6C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]	11_2_3482B6C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]	11_2_3482B6C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E16CC mov eax, dword ptr fs:[00000030h]	11_2_348E16CC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E16CC mov eax, dword ptr fs:[00000030h]	11_2_348E16CC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E16CC mov eax, dword ptr fs:[00000030h]	11_2_348E16CC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E16CC mov eax, dword ptr fs:[00000030h]	11_2_348E16CC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348516CF mov eax, dword ptr fs:[00000030h]	11_2_348516CF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DF6C7 mov eax, dword ptr fs:[00000030h]	11_2_348DF6C7
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484D6E0 mov eax, dword ptr fs:[00000030h]	11_2_3484D6E0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484D6E0 mov eax, dword ptr fs:[00000030h]	11_2_3484D6E0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348536EF mov eax, dword ptr fs:[00000030h]	11_2_348536EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DD6F0 mov eax, dword ptr fs:[00000030h]	11_2_348DD6F0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34851607 mov eax, dword ptr fs:[00000030h]	11_2_34851607
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485F603 mov eax, dword ptr fs:[00000030h]	11_2_3485F603
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823616 mov eax, dword ptr fs:[00000030h]	11_2_34823616
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823616 mov eax, dword ptr fs:[00000030h]	11_2_34823616
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]	11_2_3481F626
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]	11_2_3481F626
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]	11_2_3481F626
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]	11_2_3481F626
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]	11_2_3481F626
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]	11_2_3481F626
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]	11_2_3481F626
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]	11_2_3481F626
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]	11_2_3481F626
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F5636 mov eax, dword ptr fs:[00000030h]	11_2_348F5636
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34859660 mov eax, dword ptr fs:[00000030h]	11_2_34859660
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34859660 mov eax, dword ptr fs:[00000030h]	11_2_34859660
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348BD660 mov eax, dword ptr fs:[00000030h]	11_2_348BD660
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DF78A mov eax, dword ptr fs:[00000030h]	11_2_348DF78A
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A97A9 mov eax, dword ptr fs:[00000030h]	11_2_348A97A9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]	11_2_348AF7AF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]	11_2_348AF7AF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]	11_2_348AF7AF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]	11_2_348AF7AF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]	11_2_348AF7AF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484D7B0 mov eax, dword ptr fs:[00000030h]	11_2_3484D7B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F37B6 mov eax, dword ptr fs:[00000030h]	11_2_348F37B6
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]	11_2_3481F7BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]	11_2_3481F7BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]	11_2_3481F7BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]	11_2_3481F7BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]	11_2_3481F7BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]	11_2_3481F7BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]	11_2_3481F7BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]	11_2_3481F7BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]	11_2_3481F7BA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348257C0 mov eax, dword ptr fs:[00000030h]	11_2_348257C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348257C0 mov eax, dword ptr fs:[00000030h]	11_2_348257C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348257C0 mov eax, dword ptr fs:[00000030h]	11_2_348257C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482D7E0 mov ecx, dword ptr fs:[00000030h]	11_2_3482D7E0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348217EC mov eax, dword ptr fs:[00000030h]	11_2_348217EC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348217EC mov eax, dword ptr fs:[00000030h]	11_2_348217EC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348217EC mov eax, dword ptr fs:[00000030h]	11_2_348217EC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34825702 mov eax, dword ptr fs:[00000030h]	11_2_34825702
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34825702 mov eax, dword ptr fs:[00000030h]	11_2_34825702
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34827703 mov eax, dword ptr fs:[00000030h]	11_2_34827703
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485F71F mov eax, dword ptr fs:[00000030h]	11_2_3485F71F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485F71F mov eax, dword ptr fs:[00000030h]	11_2_3485F71F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823720 mov eax, dword ptr fs:[00000030h]	11_2_34823720
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483F720 mov eax, dword ptr fs:[00000030h]	11_2_3483F720
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483F720 mov eax, dword ptr fs:[00000030h]	11_2_3483F720
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483F720 mov eax, dword ptr fs:[00000030h]	11_2_3483F720
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DF72E mov eax, dword ptr fs:[00000030h]	11_2_348DF72E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E972B mov eax, dword ptr fs:[00000030h]	11_2_348E972B
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819730 mov eax, dword ptr fs:[00000030h]	11_2_34819730
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819730 mov eax, dword ptr fs:[00000030h]	11_2_34819730
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34855734 mov eax, dword ptr fs:[00000030h]	11_2_34855734
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348FB73C mov eax, dword ptr fs:[00000030h]	11_2_348FB73C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348FB73C mov eax, dword ptr fs:[00000030h]	11_2_348FB73C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348FB73C mov eax, dword ptr fs:[00000030h]	11_2_348FB73C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348FB73C mov eax, dword ptr fs:[00000030h]	11_2_348FB73C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483B730 mov ecx, dword ptr fs:[00000030h]	11_2_3483B730
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483B730 mov eax, dword ptr fs:[00000030h]	11_2_3483B730
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483B730 mov eax, dword ptr fs:[00000030h]	11_2_3483B730
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483B730 mov eax, dword ptr fs:[00000030h]	11_2_3483B730
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483B730 mov eax, dword ptr fs:[00000030h]	11_2_3483B730
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F3749 mov eax, dword ptr fs:[00000030h]	11_2_348F3749
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]	11_2_348C375F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]	11_2_348C375F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]	11_2_348C375F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]	11_2_348C375F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]	11_2_348C375F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B765 mov eax, dword ptr fs:[00000030h]	11_2_3481B765
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B765 mov eax, dword ptr fs:[00000030h]	11_2_3481B765
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B765 mov eax, dword ptr fs:[00000030h]	11_2_3481B765
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B765 mov eax, dword ptr fs:[00000030h]	11_2_3481B765
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AD080 mov eax, dword ptr fs:[00000030h]	11_2_348AD080
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AD080 mov eax, dword ptr fs:[00000030h]	11_2_348AD080
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481D08D mov eax, dword ptr fs:[00000030h]	11_2_3481D08D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34825096 mov eax, dword ptr fs:[00000030h]	11_2_34825096
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484D090 mov eax, dword ptr fs:[00000030h]	11_2_3484D090
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484D090 mov eax, dword ptr fs:[00000030h]	11_2_3484D090
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485909C mov eax, dword ptr fs:[00000030h]	11_2_3485909C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3489D0C0 mov eax, dword ptr fs:[00000030h]	11_2_3489D0C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3489D0C0 mov eax, dword ptr fs:[00000030h]	11_2_3489D0C0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F50D9 mov eax, dword ptr fs:[00000030h]	11_2_348F50D9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348490DB mov eax, dword ptr fs:[00000030h]	11_2_348490DB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348450E4 mov eax, dword ptr fs:[00000030h]	11_2_348450E4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348450E4 mov ecx, dword ptr fs:[00000030h]	11_2_348450E4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E903E mov eax, dword ptr fs:[00000030h]	11_2_348E903E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E903E mov eax, dword ptr fs:[00000030h]	11_2_348E903E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E903E mov eax, dword ptr fs:[00000030h]	11_2_348E903E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E903E mov eax, dword ptr fs:[00000030h]	11_2_348E903E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484B052 mov eax, dword ptr fs:[00000030h]	11_2_3484B052
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A106E mov eax, dword ptr fs:[00000030h]	11_2_348A106E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F5060 mov eax, dword ptr fs:[00000030h]	11_2_348F5060
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov ecx, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]	11_2_34831070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3489D070 mov ecx, dword ptr fs:[00000030h]	11_2_3489D070
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D5180 mov eax, dword ptr fs:[00000030h]	11_2_348D5180
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D5180 mov eax, dword ptr fs:[00000030h]	11_2_348D5180
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34877190 mov eax, dword ptr fs:[00000030h]	11_2_34877190
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D11A4 mov eax, dword ptr fs:[00000030h]	11_2_348D11A4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D11A4 mov eax, dword ptr fs:[00000030h]	11_2_348D11A4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D11A4 mov eax, dword ptr fs:[00000030h]	11_2_348D11A4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D11A4 mov eax, dword ptr fs:[00000030h]	11_2_348D11A4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483B1B0 mov eax, dword ptr fs:[00000030h]	11_2_3483B1B0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F51CB mov eax, dword ptr fs:[00000030h]	11_2_348F51CB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485D1D0 mov eax, dword ptr fs:[00000030h]	11_2_3485D1D0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485D1D0 mov ecx, dword ptr fs:[00000030h]	11_2_3485D1D0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348451EF mov eax, dword ptr fs:[00000030h]	11_2_348451EF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348251ED mov eax, dword ptr fs:[00000030h]	11_2_348251ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C71F9 mov esi, dword ptr fs:[00000030h]	11_2_348C71F9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821131 mov eax, dword ptr fs:[00000030h]	11_2_34821131
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821131 mov eax, dword ptr fs:[00000030h]	11_2_34821131
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B136 mov eax, dword ptr fs:[00000030h]	11_2_3481B136
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B136 mov eax, dword ptr fs:[00000030h]	11_2_3481B136
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B136 mov eax, dword ptr fs:[00000030h]	11_2_3481B136
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B136 mov eax, dword ptr fs:[00000030h]	11_2_3481B136
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819148 mov eax, dword ptr fs:[00000030h]	11_2_34819148
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819148 mov eax, dword ptr fs:[00000030h]	11_2_34819148
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819148 mov eax, dword ptr fs:[00000030h]	11_2_34819148
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819148 mov eax, dword ptr fs:[00000030h]	11_2_34819148
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34827152 mov eax, dword ptr fs:[00000030h]	11_2_34827152
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F5152 mov eax, dword ptr fs:[00000030h]	11_2_348F5152
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348B9179 mov eax, dword ptr fs:[00000030h]	11_2_348B9179
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481F172 mov eax, dword ptr fs:[00000030h]	11_2_3481F172
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F5283 mov eax, dword ptr fs:[00000030h]	11_2_348F5283
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485329E mov eax, dword ptr fs:[00000030h]	11_2_3485329E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485329E mov eax, dword ptr fs:[00000030h]	11_2_3485329E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348352A0 mov eax, dword ptr fs:[00000030h]	11_2_348352A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348352A0 mov eax, dword ptr fs:[00000030h]	11_2_348352A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348352A0 mov eax, dword ptr fs:[00000030h]	11_2_348352A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348352A0 mov eax, dword ptr fs:[00000030h]	11_2_348352A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E92A6 mov eax, dword ptr fs:[00000030h]	11_2_348E92A6
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E92A6 mov eax, dword ptr fs:[00000030h]	11_2_348E92A6
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E92A6 mov eax, dword ptr fs:[00000030h]	11_2_348E92A6
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E92A6 mov eax, dword ptr fs:[00000030h]	11_2_348E92A6
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348B72A0 mov eax, dword ptr fs:[00000030h]	11_2_348B72A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348B72A0 mov eax, dword ptr fs:[00000030h]	11_2_348B72A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A92BC mov eax, dword ptr fs:[00000030h]	11_2_348A92BC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A92BC mov eax, dword ptr fs:[00000030h]	11_2_348A92BC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A92BC mov ecx, dword ptr fs:[00000030h]	11_2_348A92BC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A92BC mov ecx, dword ptr fs:[00000030h]	11_2_348A92BC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348292C5 mov eax, dword ptr fs:[00000030h]	11_2_348292C5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348292C5 mov eax, dword ptr fs:[00000030h]	11_2_348292C5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B2D3 mov eax, dword ptr fs:[00000030h]	11_2_3481B2D3
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B2D3 mov eax, dword ptr fs:[00000030h]	11_2_3481B2D3
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481B2D3 mov eax, dword ptr fs:[00000030h]	11_2_3481B2D3
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F2D0 mov eax, dword ptr fs:[00000030h]	11_2_3484F2D0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F2D0 mov eax, dword ptr fs:[00000030h]	11_2_3484F2D0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348D12ED mov eax, dword ptr fs:[00000030h]	11_2_348D12ED
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F52E2 mov eax, dword ptr fs:[00000030h]	11_2_348F52E2
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DF2F8 mov eax, dword ptr fs:[00000030h]	11_2_348DF2F8
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CB2F0 mov eax, dword ptr fs:[00000030h]	11_2_348CB2F0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CB2F0 mov eax, dword ptr fs:[00000030h]	11_2_348CB2F0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348192FF mov eax, dword ptr fs:[00000030h]	11_2_348192FF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34857208 mov eax, dword ptr fs:[00000030h]	11_2_34857208
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34857208 mov eax, dword ptr fs:[00000030h]	11_2_34857208
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F5227 mov eax, dword ptr fs:[00000030h]	11_2_348F5227
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819240 mov eax, dword ptr fs:[00000030h]	11_2_34819240
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819240 mov eax, dword ptr fs:[00000030h]	11_2_34819240
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485724D mov eax, dword ptr fs:[00000030h]	11_2_3485724D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AD250 mov ecx, dword ptr fs:[00000030h]	11_2_348AD250
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DB256 mov eax, dword ptr fs:[00000030h]	11_2_348DB256
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DB256 mov eax, dword ptr fs:[00000030h]	11_2_348DB256
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ED26B mov eax, dword ptr fs:[00000030h]	11_2_348ED26B
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ED26B mov eax, dword ptr fs:[00000030h]	11_2_348ED26B
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34849274 mov eax, dword ptr fs:[00000030h]	11_2_34849274
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34861270 mov eax, dword ptr fs:[00000030h]	11_2_34861270
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34861270 mov eax, dword ptr fs:[00000030h]	11_2_34861270
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F539D mov eax, dword ptr fs:[00000030h]	11_2_348F539D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348433A5 mov eax, dword ptr fs:[00000030h]	11_2_348433A5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348533A0 mov eax, dword ptr fs:[00000030h]	11_2_348533A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348533A0 mov eax, dword ptr fs:[00000030h]	11_2_348533A0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C13B9 mov eax, dword ptr fs:[00000030h]	11_2_348C13B9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C13B9 mov eax, dword ptr fs:[00000030h]	11_2_348C13B9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C13B9 mov eax, dword ptr fs:[00000030h]	11_2_348C13B9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DB3D0 mov ecx, dword ptr fs:[00000030h]	11_2_348DB3D0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DF3E6 mov eax, dword ptr fs:[00000030h]	11_2_348DF3E6
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F53FC mov eax, dword ptr fs:[00000030h]	11_2_348F53FC
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A930B mov eax, dword ptr fs:[00000030h]	11_2_348A930B
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A930B mov eax, dword ptr fs:[00000030h]	11_2_348A930B
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A930B mov eax, dword ptr fs:[00000030h]	11_2_348A930B
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E132D mov eax, dword ptr fs:[00000030h]	11_2_348E132D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E132D mov eax, dword ptr fs:[00000030h]	11_2_348E132D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484F32A mov eax, dword ptr fs:[00000030h]	11_2_3484F32A
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817330 mov eax, dword ptr fs:[00000030h]	11_2_34817330
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481D34C mov eax, dword ptr fs:[00000030h]	11_2_3481D34C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481D34C mov eax, dword ptr fs:[00000030h]	11_2_3481D34C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F5341 mov eax, dword ptr fs:[00000030h]	11_2_348F5341
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819353 mov eax, dword ptr fs:[00000030h]	11_2_34819353
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819353 mov eax, dword ptr fs:[00000030h]	11_2_34819353
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DF367 mov eax, dword ptr fs:[00000030h]	11_2_348DF367
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34827370 mov eax, dword ptr fs:[00000030h]	11_2_34827370
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34827370 mov eax, dword ptr fs:[00000030h]	11_2_34827370
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34827370 mov eax, dword ptr fs:[00000030h]	11_2_34827370
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C3370 mov eax, dword ptr fs:[00000030h]	11_2_348C3370
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823C84 mov eax, dword ptr fs:[00000030h]	11_2_34823C84
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823C84 mov eax, dword ptr fs:[00000030h]	11_2_34823C84
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823C84 mov eax, dword ptr fs:[00000030h]	11_2_34823C84
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823C84 mov eax, dword ptr fs:[00000030h]	11_2_34823C84
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481DCA0 mov eax, dword ptr fs:[00000030h]	11_2_3481DCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484FCA0 mov ecx, dword ptr fs:[00000030h]	11_2_3484FCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484FCA0 mov eax, dword ptr fs:[00000030h]	11_2_3484FCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484FCA0 mov eax, dword ptr fs:[00000030h]	11_2_3484FCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484FCA0 mov eax, dword ptr fs:[00000030h]	11_2_3484FCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484FCA0 mov eax, dword ptr fs:[00000030h]	11_2_3484FCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485BCA0 mov eax, dword ptr fs:[00000030h]	11_2_3485BCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485BCA0 mov eax, dword ptr fs:[00000030h]	11_2_3485BCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485BCA0 mov ecx, dword ptr fs:[00000030h]	11_2_3485BCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485BCA0 mov eax, dword ptr fs:[00000030h]	11_2_3485BCA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFCAB mov eax, dword ptr fs:[00000030h]	11_2_348DFCAB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831CC7 mov eax, dword ptr fs:[00000030h]	11_2_34831CC7
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831CC7 mov eax, dword ptr fs:[00000030h]	11_2_34831CC7
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34855CC0 mov eax, dword ptr fs:[00000030h]	11_2_34855CC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34855CC0 mov eax, dword ptr fs:[00000030h]	11_2_34855CC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A3CDB mov eax, dword ptr fs:[00000030h]	11_2_348A3CDB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A3CDB mov eax, dword ptr fs:[00000030h]	11_2_348A3CDB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348A3CDB mov eax, dword ptr fs:[00000030h]	11_2_348A3CDB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CFCDF mov eax, dword ptr fs:[00000030h]	11_2_348CFCDF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CFCDF mov eax, dword ptr fs:[00000030h]	11_2_348CFCDF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CFCDF mov eax, dword ptr fs:[00000030h]	11_2_348CFCDF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817CD5 mov eax, dword ptr fs:[00000030h]	11_2_34817CD5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817CD5 mov eax, dword ptr fs:[00000030h]	11_2_34817CD5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817CD5 mov eax, dword ptr fs:[00000030h]	11_2_34817CD5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817CD5 mov eax, dword ptr fs:[00000030h]	11_2_34817CD5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817CD5 mov eax, dword ptr fs:[00000030h]	11_2_34817CD5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C1CF9 mov eax, dword ptr fs:[00000030h]	11_2_348C1CF9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C1CF9 mov eax, dword ptr fs:[00000030h]	11_2_348C1CF9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C1CF9 mov eax, dword ptr fs:[00000030h]	11_2_348C1CF9
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348FBC01 mov eax, dword ptr fs:[00000030h]	11_2_348FBC01
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348FBC01 mov eax, dword ptr fs:[00000030h]	11_2_348FBC01
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ABC10 mov eax, dword ptr fs:[00000030h]	11_2_348ABC10
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ABC10 mov eax, dword ptr fs:[00000030h]	11_2_348ABC10
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ABC10 mov ecx, dword ptr fs:[00000030h]	11_2_348ABC10
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EDC27 mov eax, dword ptr fs:[00000030h]	11_2_348EDC27
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EDC27 mov eax, dword ptr fs:[00000030h]	11_2_348EDC27
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EDC27 mov eax, dword ptr fs:[00000030h]	11_2_348EDC27
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348F1C3C mov eax, dword ptr fs:[00000030h]	11_2_348F1C3C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485BC3B mov esi, dword ptr fs:[00000030h]	11_2_3485BC3B
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817C40 mov eax, dword ptr fs:[00000030h]	11_2_34817C40
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817C40 mov ecx, dword ptr fs:[00000030h]	11_2_34817C40
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817C40 mov eax, dword ptr fs:[00000030h]	11_2_34817C40
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817C40 mov eax, dword ptr fs:[00000030h]	11_2_34817C40
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DFC4F mov eax, dword ptr fs:[00000030h]	11_2_348DFC4F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831C60 mov eax, dword ptr fs:[00000030h]	11_2_34831C60
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34851C7C mov eax, dword ptr fs:[00000030h]	11_2_34851C7C
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481FD80 mov eax, dword ptr fs:[00000030h]	11_2_3481FD80
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819D96 mov eax, dword ptr fs:[00000030h]	11_2_34819D96
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819D96 mov eax, dword ptr fs:[00000030h]	11_2_34819D96
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34819D96 mov ecx, dword ptr fs:[00000030h]	11_2_34819D96
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34859DAF mov eax, dword ptr fs:[00000030h]	11_2_34859DAF
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483DDB1 mov eax, dword ptr fs:[00000030h]	11_2_3483DDB1
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483DDB1 mov eax, dword ptr fs:[00000030h]	11_2_3483DDB1
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483DDB1 mov eax, dword ptr fs:[00000030h]	11_2_3483DDB1
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ADDB1 mov eax, dword ptr fs:[00000030h]	11_2_348ADDB1
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348EDDC6 mov eax, dword ptr fs:[00000030h]	11_2_348EDDC6
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ADDC0 mov eax, dword ptr fs:[00000030h]	11_2_348ADDC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DDDC7 mov eax, dword ptr fs:[00000030h]	11_2_348DDDC7
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823DD0 mov eax, dword ptr fs:[00000030h]	11_2_34823DD0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823DD0 mov eax, dword ptr fs:[00000030h]	11_2_34823DD0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34833D00 mov eax, dword ptr fs:[00000030h]	11_2_34833D00
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AFD2A mov eax, dword ptr fs:[00000030h]	11_2_348AFD2A
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AFD2A mov eax, dword ptr fs:[00000030h]	11_2_348AFD2A
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34833D20 mov eax, dword ptr fs:[00000030h]	11_2_34833D20
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34817D41 mov eax, dword ptr fs:[00000030h]	11_2_34817D41
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485BD4E mov eax, dword ptr fs:[00000030h]	11_2_3485BD4E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485BD4E mov eax, dword ptr fs:[00000030h]	11_2_3485BD4E
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ADD47 mov eax, dword ptr fs:[00000030h]	11_2_348ADD47
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E1D5A mov eax, dword ptr fs:[00000030h]	11_2_348E1D5A
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E1D5A mov eax, dword ptr fs:[00000030h]	11_2_348E1D5A
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E1D5A mov eax, dword ptr fs:[00000030h]	11_2_348E1D5A
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348E1D5A mov eax, dword ptr fs:[00000030h]	11_2_348E1D5A
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34827D75 mov eax, dword ptr fs:[00000030h]	11_2_34827D75
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34827D75 mov eax, dword ptr fs:[00000030h]	11_2_34827D75
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34853E8F mov eax, dword ptr fs:[00000030h]	11_2_34853E8F
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ADE9B mov eax, dword ptr fs:[00000030h]	11_2_348ADE9B
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34827E96 mov eax, dword ptr fs:[00000030h]	11_2_34827E96
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348ADEAA mov eax, dword ptr fs:[00000030h]	11_2_348ADEAA
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481FEA0 mov eax, dword ptr fs:[00000030h]	11_2_3481FEA0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481DEA5 mov eax, dword ptr fs:[00000030h]	11_2_3481DEA5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481DEA5 mov ecx, dword ptr fs:[00000030h]	11_2_3481DEA5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CDEB0 mov eax, dword ptr fs:[00000030h]	11_2_348CDEB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CDEB0 mov ecx, dword ptr fs:[00000030h]	11_2_348CDEB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CDEB0 mov eax, dword ptr fs:[00000030h]	11_2_348CDEB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CDEB0 mov eax, dword ptr fs:[00000030h]	11_2_348CDEB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348CDEB0 mov eax, dword ptr fs:[00000030h]	11_2_348CDEB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DDEB0 mov eax, dword ptr fs:[00000030h]	11_2_348DDEB0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3481BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3481BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3482BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3482BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3482BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3482BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3482BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3482BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3482BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]	11_2_3482BEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3484FEC0 mov eax, dword ptr fs:[00000030h]	11_2_3484FEC0
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348AFEC5 mov eax, dword ptr fs:[00000030h]	11_2_348AFEC5
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823EE1 mov eax, dword ptr fs:[00000030h]	11_2_34823EE1
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34853EEB mov ecx, dword ptr fs:[00000030h]	11_2_34853EEB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34853EEB mov eax, dword ptr fs:[00000030h]	11_2_34853EEB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34853EEB mov eax, dword ptr fs:[00000030h]	11_2_34853EEB
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823EF4 mov eax, dword ptr fs:[00000030h]	11_2_34823EF4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823EF4 mov eax, dword ptr fs:[00000030h]	11_2_34823EF4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34823EF4 mov eax, dword ptr fs:[00000030h]	11_2_34823EF4
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481DE10 mov eax, dword ptr fs:[00000030h]	11_2_3481DE10
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483DE2D mov eax, dword ptr fs:[00000030h]	11_2_3483DE2D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483DE2D mov eax, dword ptr fs:[00000030h]	11_2_3483DE2D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3483DE2D mov eax, dword ptr fs:[00000030h]	11_2_3483DE2D
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821E30 mov eax, dword ptr fs:[00000030h]	11_2_34821E30
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34821E30 mov eax, dword ptr fs:[00000030h]	11_2_34821E30
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34835E40 mov eax, dword ptr fs:[00000030h]	11_2_34835E40
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348DDE46 mov eax, dword ptr fs:[00000030h]	11_2_348DDE46
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485BE51 mov eax, dword ptr fs:[00000030h]	11_2_3485BE51
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3485BE51 mov eax, dword ptr fs:[00000030h]	11_2_3485BE51
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_348C9E56 mov ecx, dword ptr fs:[00000030h]	11_2_348C9E56
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_3481BE78 mov ecx, dword ptr fs:[00000030h]	11_2_3481BE78
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]	11_2_34831F92
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]	11_2_34831F92
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831F92 mov eax, dword ptr fs:[00000030h]	11_2_34831F92
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]	11_2_34831F92
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]	11_2_34831F92
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831F92 mov eax, dword ptr fs:[00000030h]	11_2_34831F92
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]	11_2_34831F92
Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe	Code function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]	11_2_34831F92

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

5_2_0040338F

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match

File source: 0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected FormBook

Source: Yara match

File source: 0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	11 Masquerading	OS Credential Dumping	211 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	11 Process Injection	1 Access Token Manipulation	LSASS Memory	3 File and Directory Discovery	Remote Desktop Protocol	1 Clipboard Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	11 Process Injection	Security Account Manager	23 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Purchase Order Purchase Order Purchase Order Purchase Order.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
Purchase Order Purchase Order Purchase Order Purchase Order.exe