Windows Analysis Report packing list commercial invoice and bl termplate draft for export.exe

Overview

General Information

Sample Name: packing list commercial invoice and bl termplate draft for export.exe
Analysis ID: 483686
MD5: ddf2ae4b85ec6e277713ba1b5c844ed7
SHA1: b07236d7dcd264152bdb989840c2b78bdfd84764
SHA256: 34c8be34215e94bd3ffab958ea56583ef0e40adcfa306609a2cb275e3e552d8f
Tags: AgentTesla, exe, Invoice

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Initial sample is a PE file and has a suspicious name
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Machine Learning detection for sample
.NET source code contains potential unpacker
.NET source code contains very large strings
Machine Learning detection for dropped file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Creates processes with suspicious names
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

AV Detection:

Found malware configuration
Source: 9.2.packing list commercial invoice and bl termplate draft for export.exe.400000.0.unpack Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "sales4@italfood.ae", "Password": "Sales@634@$", "Host": "mail.italfood.ae"}
Multi AV Scanner detection for submitted file
Source: packing list commercial invoice and bl termplate draft for export.exe Virustotal: Detection: 44%
Machine Learning detection for sample
Source: packing list commercial invoice and bl termplate draft for export.exe Joe Sandbox ML: detected
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\wVhpvdZWIB.exe Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 9.2.packing list commercial invoice and bl termplate draft for export.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8

Compliance:

Uses 32bit PE files
Source: packing list commercial invoice and bl termplate draft for export.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: packing list commercial invoice and bl termplate draft for export.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.4:49817 -> 185.243.77.210:587

System Summary:

Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: packing list commercial invoice and bl termplate draft for export.exe
.NET source code contains very large strings
Source: packing list commercial invoice and bl termplate draft for export.exe, t?fgWql?xy?C/kaBb??kPS?.cs Long String: Length: 217896
Source: wVhpvdZWIB.exe.0.dr, t?fgWql?xy?C/kaBb??kPS?.cs Long String: Length: 217896
Source: 0.0.packing list commercial invoice and bl termplate draft for export.exe.9f0000.0.unpack, t?fgWql?xy?C/kaBb??kPS?.cs Long String: Length: 217896
Source: 9.0.packing list commercial invoice and bl termplate draft for export.exe.cc0000.0.unpack, t?fgWql?xy?C/kaBb??kPS?.cs Long String: Length: 217896
Source: 9.2.packing list commercial invoice and bl termplate draft for export.exe.cc0000.1.unpack, t?fgWql?xy?C/kaBb??kPS?.cs Long String: Length: 217896
Uses 32bit PE files
Source: packing list commercial invoice and bl termplate draft for export.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Detected potential crypto function
Sample file is different than original file name gathered from version info
Source: packing list commercial invoice and bl termplate draft for export.exe, 00000000.00000000.665535621.00000000009F2000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameZYxe.exeF vs packing list commercial invoice and bl termplate draft for export.exe
Source: packing list commercial invoice and bl termplate draft for export.exe Binary or memory string: OriginalFilename vs packing list commercial invoice and bl termplate draft for export.exe
Source: packing list commercial invoice and bl termplate draft for export.exe, 00000009.00000002.931203784.0000000000402000.00000040.00000001.sdmp Binary or memory string: OriginalFilenameUBrTqcgnlevNnYcnNIDjXNnCM.exe4 vs packing list commercial invoice and bl termplate draft for export.exe
Source: packing list commercial invoice and bl termplate draft for export.exe, 00000009.00000002.931249574.0000000000CC2000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameZYxe.exeF vs packing list commercial invoice and bl termplate draft for export.exe
Source: packing list commercial invoice and bl termplate draft for export.exe Binary or memory string: OriginalFilenameZYxe.exeF vs packing list commercial invoice and bl termplate draft for export.exe
Source: packing list commercial invoice and bl termplate draft for export.exe Virustotal: Detection: 44%
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe File read: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe
Source: packing list commercial invoice and bl termplate draft for export.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe 'C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe'
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\wVhpvdZWIB' /XML 'C:\Users\user\AppData\Local\Temp\tmpCAE9.tmp'
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Process created: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe {path}
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe File created: C:\Users\user\AppData\Roaming\wVhpvdZWIB.exe
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe File created: C:\Users\user\AppData\Local\Temp\tmpCAE9.tmp
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/3@0/0
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6424:120:WilError_01
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Mutant created: \Sessions\1\BaseNamedObjects\zSdXYymfHDmIfzlxUHn
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: packing list commercial invoice and bl termplate draft for export.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: packing list commercial invoice and bl termplate draft for export.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Data Obfuscation:

.NET source code contains potential unpacker
Source: packing list commercial invoice and bl termplate draft for export.exe, xCJ?xl?mE/doTK??k?tr?e.cs .Net Code: D6549645123 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: wVhpvdZWIB.exe.0.dr, xCJ?xl?mE/doTK??k?tr?e.cs .Net Code: D6549645123 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.packing list commercial invoice and bl termplate draft for export.exe.9f0000.0.unpack, xCJ?xl?mE/doTK??k?tr?e.cs .Net Code: D6549645123 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 9.0.packing list commercial invoice and bl termplate draft for export.exe.cc0000.0.unpack, xCJ?xl?mE/doTK??k?tr?e.cs .Net Code: D6549645123 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 9.2.packing list commercial invoice and bl termplate draft for export.exe.cc0000.1.unpack, xCJ?xl?mE/doTK??k?tr?e.cs .Net Code: D6549645123 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Persistence and Installation Behavior:

Creates processes with suspicious names
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe File created: \packing list commercial invoice and bl termplate draft for export.exe
Drops PE files
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe File created: C:\Users\user\AppData\Roaming\wVhpvdZWIB.exe

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\wVhpvdZWIB' /XML 'C:\Users\user\AppData\Local\Temp\tmpCAE9.tmp'
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe TID: 6984 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe TID: 6924 Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe TID: 6932 Thread sleep count: 740 > 30
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe TID: 6932 Thread sleep count: 9113 > 30
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Thread delayed: delay time: 922337203685477
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Window / User API: threadDelayed 740
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Window / User API: threadDelayed 9113
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Process information queried: ProcessInformation
Source: packing list commercial invoice and bl termplate draft for export.exe, 00000009.00000002.934998689.00000000065C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: packing list commercial invoice and bl termplate draft for export.exe Binary or memory string: yNPVBitmapGetObjectget_ypVmCultureypVmDebuggerNonUserCodeAttributePoC

Anti Debugging:

Enables debug privileges
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\wVhpvdZWIB' /XML 'C:\Users\user\AppData\Local\Temp\tmpCAE9.tmp'
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Process created: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe {path}
Source: packing list commercial invoice and bl termplate draft for export.exe, 00000009.00000002.932745062.0000000001AF0000.00000002.00020000.sdmp Binary or memory string: Program Manager
Source: packing list commercial invoice and bl termplate draft for export.exe, 00000009.00000002.932745062.0000000001AF0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: packing list commercial invoice and bl termplate draft for export.exe, 00000009.00000002.932745062.0000000001AF0000.00000002.00020000.sdmp Binary or memory string: Progman
Source: packing list commercial invoice and bl termplate draft for export.exe, 00000009.00000002.932745062.0000000001AF0000.00000002.00020000.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe VolumeInformation
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected AgentTesla
Source: Yara match File source: 9.2.packing list commercial invoice and bl termplate draft for export.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000009.00000002.931203784.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.933232285.0000000003211000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: packing list commercial invoice and bl termplate draft for export.exe PID: 6588, type: MEMORYSTR
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\packing list commercial invoice and bl termplate draft for export.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Yara detected Credential Stealer
Source: Yara match File source: 00000009.00000002.933232285.0000000003211000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: packing list commercial invoice and bl termplate draft for export.exe PID: 6588, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla
Source: Yara match File source: 9.2.packing list commercial invoice and bl termplate draft for export.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000009.00000002.931203784.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.933232285.0000000003211000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: packing list commercial invoice and bl termplate draft for export.exe PID: 6588, type: MEMORYSTR
No contacted IP infos